CVE-2021-36922

Name of the Vulnerable Software and Affected Versions Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versions 1.14.0.0 and earlier

Description The issue allows local low-privileged users to achieve unauthorized access to USB devices, potentially leading to escalation of privileges, denial of service, code execution, and information disclosure. This can be achieved via a crafted Device IO Control packet to a device.

Recommendations For versions 1.14.0.0 and earlier, update to a version later than 1.14.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the RtsUpx.sys driver to minimize the risk of exploitation.