CVE-2022-25479

{"id": "CVE-2022-25479", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2024-07-02T19:15:11.957", "references": [{"url": "http://realtek.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://zwclose.github.io/2024/10/14/rtsper1.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap."}, {"lang": "es", "value": "Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 permite la p\u00e9rdida de memoria del kernel tanto de la pila como del mont\u00f3n."}], "lastModified": "2024-10-28T19:35:02.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126006F2-0655-4EAB-AD95-87AADA0C8F8E", "versionEndExcluding": "10.0.22000.21355"}, {"criteria": "cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B45E5C60-6DE7-4324-84A0-5F4270C6ACA0", "versionEndExcluding": "10.0.22000.31274"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}