First published: Tue Nov 02 2021(Updated: )
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Realtek RtsUpx USB Utility Driver | <=1.14.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36925 is a vulnerability in the Realtek RtsUpx USB Utility Driver that allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory.
CVE-2021-36925 has a severity rating of 7.8, which is considered high.
CVE-2021-36925 can lead to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure on the affected system.
The Realtek RtsUpx USB Utility Driver versions up to and including 1.14.0.0 are affected by CVE-2021-36925.
To fix CVE-2021-36925, users should update their Realtek RtsUpx USB Utility Driver to a version that is not affected by the vulnerability.