PT-2024-25160 · Realtek Semiconductor · Realtek Lo Driver

Published

2024-05-22

Updated

2025-03-13

CVE-2024-33224

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Realtek lO Driver version 1.008.0823.2017

Description An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Recommendations For Realtek lO Driver version 1.008.0823.2017, consider disabling the rtkio64.sys component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using crafted IOCTL requests in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2024-33224

Affected Products

Realtek Lo Driver

PT-2024-25160 · Realtek Semiconductor · Realtek Lo Driver

CVE-2024-33224

Weakness Enumeration

Related Identifiers

Affected Products

References · 8