CVE-2022-25479

MEDIUM

Realtek RtsPer/RtsUer Kernel Memory Leak via PCIe/USB Drivers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-25479. PoCs published by SpiralBL0CK.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for chaining CVE-2024-40431 and CVE-2022-25479 to achieve a data-only attack leading to elevation of privilege (EOP). The exploit leverages SCSI commands and PCI configuration reads/writes to manipulate kernel memory.

Description

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.

Exploits (1)

nomisec WORKING POC 45 stars
by SpiralBL0CK · poc
https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN

This repository contains a proof-of-concept exploit for chaining CVE-2024-40431 and CVE-2022-25479 to achieve a data-only attack leading to elevation of privilege (EOP). The exploit leverages SCSI commands and PCI configuration reads/writes to manipulate kernel memory.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Windows kernel (Realtek driver vulnerability)
No auth needed
Prerequisites: Presence of vulnerable Realtek driver · Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (2)
realtek/rtsper < 10.0.22000.21355
realtek/rtsuer < 10.0.22000.31274
Published Jul 02, 2024
Tracked Since Feb 18, 2026