PT-2024-7499 · Realtek · RtsPer.sys

Published: 2024-10-14 · Updated: 2024-11-04 · CVE-2024-40432

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Realtek SD card reader driver versions before 10.0.26100.21374
Description: The issue is a lack of input validation in the Realtek SD card reader driver, specifically in its implementation of the IOCTL_SFFDISK_DEVICE_COMMAND control. This allows a privileged attacker to crash the OS. Additionally, there is a buffer overflow vulnerability in the RtsPer.sys driver, which can be exploited to write data to kernel memory beyond the IRP's system buffer.
Recommendations: Update versions before 10.0.26100.21374 to version 10.0.26100.21374 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL_SFFDISK_DEVICE_COMMAND control to minimize the risk of exploitation. If possible, avoid using the RtsPer.sys driver until the issue is resolved.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-08882
CVE-2024-40432

Affected Products

Realtek SD Card Reader Driver
RtsPer.sys