PT-2022-7670 · Realtek · Realtek Rtsuer Driver
Published
2022-05-05
·
Updated
2024-11-04
·
CVE-2022-25477
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355
Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274
Description
The issue is related to insufficient protection of registration data in the Realtek SD card reader drivers, specifically RtsPer.sys and RtsUer.sys. This weakness can be exploited to gain access to driver logs, which contain addresses of kernel mode objects, thereby weakening KASLR.
Recommendations
For Realtek RtsPer driver for PCIe Card Reader versions prior to 10.0.22000.21355, update to version 10.0.22000.21355 or later.
For Realtek RtsUer driver for USB Card Reader versions prior to 10.0.22000.31274, update to version 10.0.22000.31274 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Realtek Rtsuer Driver