CVE-2022-25480

HIGH

Realtek RtsPer < 10.0.22000.21355 and RtsUer < 10.0.22000.31274 - Out-of-bounds Write in IRP SystemBuffer

Title source: llm
STIX 2.1

Description

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 9.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (2)
realtek/rtsper < 10.0.22000.21355
realtek/rtsuer < 10.0.22000.31274
Published Jul 02, 2024
Tracked Since Feb 18, 2026