CVE-2022-25478
First published: Tue Jul 02 2024(Updated: )
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Realtek RtsPer | <10.0.22000.21355 | |
| Realtek RTSUER | <10.0.22000.31274 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-25478?
CVE-2022-25478 has a critical severity level due to its potential to allow unauthorized read and write access to the device's PCI configuration space.
How do I fix CVE-2022-25478?
To fix CVE-2022-25478, update the Realtek RtsPer driver to version 10.0.22000.21355 or higher and the Realtek RtsUer driver to version 10.0.22000.31274 or higher.
What devices are affected by CVE-2022-25478?
CVE-2022-25478 affects devices using the Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader.
What are the potential risks associated with CVE-2022-25478?
The risks of CVE-2022-25478 include unauthorized access to sensitive data and control over the device, leading to further attacks.
When was CVE-2022-25478 disclosed?
CVE-2022-25478 was disclosed as part of a series of security advisories by Realtek, highlighting vulnerabilities in their drivers.
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/references
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/realtek
- canonical/realtek rtsper
- canonical/realtek rtsuer