CVE-2022-25477

MEDIUM

Realtek RtsPer < 10.0.22000.21355 and RtsUer < 10.0.22000.31274 - Kernel Address Leak via Driver Logs

Title source: llm

Description

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.

References (4)

Core 4

Core References

Various Sources

https://zwclose.github.io/2024/10/14/rtsper1.html

Broken Link

http://realtek.com

Third Party Advisory

https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a

Vendor Advisory

https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

realtek/rtsper < 10.0.22000.21355

realtek/rtsuer < 10.0.22000.31274

Published Jul 02, 2024

Tracked Since Feb 18, 2026