CVE-2022-25479

MEDIUM

Realtek Rtsper < 10.0.22000.21355 - Memory Leak

Title source: rule

Description

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.

Exploits (1)

nomisec WORKING POC 45 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN

View Code ZIP pw:eip

References (4)

[Various Sources] https://zwclose.github.io/2024/10/14/rtsper1.html

[Broken Link] http://realtek.com

[Third Party Advisory] https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a

[Vendor Advisory] https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf

Scores

CVSS v3 5.5

EPSS 0.0280

EPSS Percentile 85.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (2)

realtek/rtsper < 10.0.22000.21355

realtek/rtsuer < 10.0.22000.31274

Timeline

Published Jul 02, 2024

Tracked Since Feb 18, 2026