A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://zwclose.github.io/2024/10/14/rtsper1.html |
History
Thu, 24 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Realtek
Realtek sd Card Reader Driver |
|
CPEs | cpe:2.3:a:realtek:sd_card_reader_driver:*:*:*:*:*:*:*:* | |
Vendors & Products |
Realtek
Realtek sd Card Reader Driver |
|
Metrics |
cvssV3_1
|
Wed, 23 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-23T00:00:00
Updated: 2024-10-24T17:43:32.664Z
Reserved: 2024-07-05T00:00:00
Link: CVE-2024-40431
Vulnrichment
Updated: 2024-10-24T17:43:27.488Z
NVD
Status : Awaiting Analysis
Published: 2024-10-23T22:15:02.340
Modified: 2024-10-25T12:56:07.750
Link: CVE-2024-40431
Redhat
No data.