PT-2022-7669 · Realtek · Realtek Rtsuer Driver
Published
2022-05-05
·
Updated
2024-11-04
·
CVE-2022-25478
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355
Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274
Description
The issue is related to insufficient input validation in the Realtek SD card reader device drivers, specifically RtsPer.sys and RtsUer.sys. This allows an attacker to gain read and write access to the PCI configuration space of the device.
Recommendations
For Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355, update to version 10.0.22000.21355 or later.
For Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274, update to version 10.0.22000.31274 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Realtek Rtsuer Driver