PT-2020-9222 · Realtek · Realtek Ndis Driver

Published 2020-02-12 · Updated 2020-02-25 · CVE-2019-11867

CVSS v3.1 · 5.5 · Medium

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Realtek NDIS driver rt640x64.sys version 10.1.505.2015

Description

The issue arises from the driver's failure to perform size checking on an input buffer from user space, assuming it has a size greater than zero bytes. An attacker can exploit this by sending an IRP with a system buffer size of 0.

Recommendations

For Realtek NDIS driver rt640x64.sys version 10.1.505.2015, consider disabling the driver until a patch is available to prevent exploitation.
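The missing size check from the description, shown as an added example (not Realtek's code and not part of the original advisory): a request handler that trusts the buffer next to one that validates it first. The `mock_irp` and `mock_request` types, the status values and the function names are constructed stand-ins that compile in user space; they are assumptions, not Windows DDK definitions or the driver's real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the IRP fields the handler reads. */
typedef struct {
    void  *system_buffer;  /* modelled as NULL when the request carries 0 bytes */
    size_t input_length;   /* size supplied by the user-space caller */
} mock_irp;

/* Hypothetical request layout; the real driver's structure is not on the page. */
typedef struct { uint32_t oid; uint32_t value; } mock_request;

enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = -1, ST_BUFFER_TOO_SMALL = -2 };

/* Pattern described in the advisory: assumes the buffer is larger than zero
 * bytes, so a 0-byte request makes it read through a NULL pointer. */
int handle_request_unchecked(const mock_irp *irp, uint32_t *oid_out)
{
    mock_request req;
    memcpy(&req, irp->system_buffer, sizeof(req)); /* no size or NULL check */
    *oid_out = req.oid;
    return ST_SUCCESS;
}

/* Hardened form: reject empty and undersized buffers before touching them. */
int handle_request_checked(const mock_irp *irp, uint32_t *oid_out)
{
    mock_request req;
    if (irp == NULL || oid_out == NULL)
        return ST_INVALID_PARAMETER;
    if (irp->system_buffer == NULL || irp->input_length == 0)
        return ST_INVALID_PARAMETER;
    if (irp->input_length < sizeof(req))
        return ST_BUFFER_TOO_SMALL;
    memcpy(&req, irp->system_buffer, sizeof(req));
    *oid_out = req.oid;
    return ST_SUCCESS;
}

int main(void)
{
    uint32_t oid = 0;
    mock_irp empty = { NULL, 0 };  /* constructed 0-byte request */
    /* The checked handler fails the request instead of crashing. */
    return handle_request_checked(&empty, &oid) == ST_INVALID_PARAMETER ? 0 : 1;
}
```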

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2019-11867

Affected Products

Realtek Ndis Driver