CVE-2022-25480

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://realtek.com	Broken Link
https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a	Third Party Advisory
https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf	Vendor Advisory
https://zwclose.github.io/2024/10/14/rtsper1.html
http://realtek.com	Broken Link
https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a	Third Party Advisory
https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realtek:rtsper::::::::
	cpe:2.3:a:realtek:rtsuer::::::::

History

21 Nov 2024, 06:52

Type	Values Removed	Values Added
References	~~() http://realtek.com - Broken Link~~	() http://realtek.com - Broken Link
References	~~() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a - Third Party Advisory~~	() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a - Third Party Advisory
References	~~() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf - Vendor Advisory~~	() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf - Vendor Advisory

24 Oct 2024, 17:15

Type	Values Removed	Values Added
References		() https://zwclose.github.io/2024/10/14/rtsper1.html -

21 Aug 2024, 15:57

Type	Values Removed	Values Added
CPE	cpe:2.3:o:realtek:rtsuer.sys_firmware:::::::: cpe:2.3:h:realtek:rtsuer.sys:-:::::::* cpe:2.3:h:realtek:rtsper.sys:-:::::::* cpe:2.3:o:realtek:rtsper.sys_firmware::::::::	cpe:2.3:a:realtek:rtsper:::::::: cpe:2.3:a:realtek:rtsuer::::::::
CWE	~~NVD-CWE-noinfo~~	CWE-787
First Time		Realtek rtsuer Realtek rtsper

21 Aug 2024, 15:24

Type	Values Removed	Values Added
CPE		cpe:2.3:o:realtek:rtsuer.sys_firmware:::::::: cpe:2.3:h:realtek:rtsuer.sys:-:::::::* cpe:2.3:h:realtek:rtsper.sys:-:::::::* cpe:2.3:o:realtek:rtsper.sys_firmware::::::::
First Time		Realtek rtsuer.sys Realtek Realtek rtsper.sys Realtek rtsuer.sys Firmware Realtek rtsper.sys Firmware
References	~~() http://realtek.com -~~	() http://realtek.com - Broken Link
References	~~() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a -~~	() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a - Third Party Advisory
References	~~() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf -~~	() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf - Vendor Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

03 Jul 2024, 12:53

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 permite escribir en la memoria del kernel más allá del SystemBuffer del IRP.

02 Jul 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-02 19:15

Updated : 2025-03-25 18:15

NVD link : CVE-2022-25480

Mitre link : CVE-2022-25480

CVE.ORG link : CVE-2022-25480

JSON object : View

Products Affected

realtek

rtsper
rtsuer

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-25480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-02T19:15:12.037", "references": [{"url": "http://realtek.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://zwclose.github.io/2024/10/14/rtsper1.html", "source": "cve@mitre.org"}, {"url": "http://realtek.com", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP."}, {"lang": "es", "value": "Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 permite escribir en la memoria del kernel m\u00e1s all\u00e1 del SystemBuffer del IRP."}], "lastModified": "2025-03-25T18:15:28.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126006F2-0655-4EAB-AD95-87AADA0C8F8E", "versionEndExcluding": "10.0.22000.21355"}, {"criteria": "cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B45E5C60-6DE7-4324-84A0-5F4270C6ACA0", "versionEndExcluding": "10.0.22000.31274"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.8 /10