CVE-2022-25479
Summary
| CVE | CVE-2022-25479 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-07-02 19:15:11 UTC |
| Updated | 2026-07-09 01:17:20 UTC |
| Description | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.006310000 probability, percentile 0.460160000 (date 2026-07-13)
Problem Types: CWE-401 | n/a | CWE-401 CWE-401 Missing Release of Memory after Effective Lifetime
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | ADP | DECLARED | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Realtek | Rtsper Pcie Card Reader Driver | affected 10.0.22000.21355 custom | Not specified |
| ADP | Realtek | Rtsper Usb Card Reader Driver | affected 10.0.22000.31274 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a | af854a3a-2127-422b-91ae-364da2661108 | gist.github.com | Third Party Advisory |
| zwclose.github.io/2024/10/14/rtsper1.html | [email protected] | zwclose.github.io | |
| www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Re... | af854a3a-2127-422b-91ae-364da2661108 | www.realtek.com | Vendor Advisory |
| realtek.com | MITRE | realtek.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.