Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
The vulnerability remained invisible for a whole year until Realtek caught on.
Serious vulnerabilities have been discovered in SD card readers from Realtek that threaten the security of laptops from the world's leading manufacturers, including Dell and Lenovo. The problems are related to the «RtsPer.sys" driver, which allows non-Windows admin attackers to read and write to the device's physical memory, as well as gain access to the system kernel.
The vulnerabilities were first discovered in January 2022 during device analysis in the Windows Object Manager system. The driver was characterized by too open access rights, which made it possible to study its vulnerabilities more deeply. In April 2022, Realtek released the first patched version, but one of the key issues with DMA controller access went unnoticed. This omission was discovered only a year later during a second inspection.
The issue affects a number of SD card reader models, including RTS5260 and RTS5228, and is also used in laptops from manufacturers such as Dell, HP, Lenovo, and MSI. Among other things, the vulnerabilities allow attackers to extract data from the kernel, manipulate memory, and bypass operating system defenses.
Although Realtek announced back in 2022 that it had fixed five vulnerabilities at once (CVE-2022-25476, CVE-2022-25477, CVE-2022-25478, CVE-2022-25479, and CVE-2022-25480), the CVE-2022-25476 vulnerability was not fully resolved until a recent patch was released. Along with it, two more new vulnerabilities were fixed: CVE-2024-40431 and CVE-2024-40432.
One of the most dangerous bugs was CVE-2022-25479, a data leak from the kernel that paves the way for further attacks on the system. Other vulnerabilities, such as CVE-2022-25480 and CVE-2024-40431, allow data to be written to arbitrary kernel addresses, making it possible to take over the system. These issues seriously increase the risk of exploitation, especially on systems where the driver has not been updated to version 10.0.26100.21374 or higher.
Initially, the researcher responsible for discovering these vulnerabilities planned to provide full information about the fixes, including the exact release date, download links, and other useful information. However, over time, interaction with Realtek became extremely difficult: the company began to respond more slowly and less willingly, which is why it was decided to abandon the collection of this information.
Users are strongly advised to check for the latest updates for their devices. If the SD card reader is controlled via «RtsPer.sys", it is important to install the latest driver to avoid possible attacks.
Source
Serious vulnerabilities have been discovered in SD card readers from Realtek that threaten the security of laptops from the world's leading manufacturers, including Dell and Lenovo. The problems are related to the «RtsPer.sys" driver, which allows non-Windows admin attackers to read and write to the device's physical memory, as well as gain access to the system kernel.
The vulnerabilities were first discovered in January 2022 during device analysis in the Windows Object Manager system. The driver was characterized by too open access rights, which made it possible to study its vulnerabilities more deeply. In April 2022, Realtek released the first patched version, but one of the key issues with DMA controller access went unnoticed. This omission was discovered only a year later during a second inspection.
The issue affects a number of SD card reader models, including RTS5260 and RTS5228, and is also used in laptops from manufacturers such as Dell, HP, Lenovo, and MSI. Among other things, the vulnerabilities allow attackers to extract data from the kernel, manipulate memory, and bypass operating system defenses.
Although Realtek announced back in 2022 that it had fixed five vulnerabilities at once (CVE-2022-25476, CVE-2022-25477, CVE-2022-25478, CVE-2022-25479, and CVE-2022-25480), the CVE-2022-25476 vulnerability was not fully resolved until a recent patch was released. Along with it, two more new vulnerabilities were fixed: CVE-2024-40431 and CVE-2024-40432.
One of the most dangerous bugs was CVE-2022-25479, a data leak from the kernel that paves the way for further attacks on the system. Other vulnerabilities, such as CVE-2022-25480 and CVE-2024-40431, allow data to be written to arbitrary kernel addresses, making it possible to take over the system. These issues seriously increase the risk of exploitation, especially on systems where the driver has not been updated to version 10.0.26100.21374 or higher.
Initially, the researcher responsible for discovering these vulnerabilities planned to provide full information about the fixes, including the exact release date, download links, and other useful information. However, over time, interaction with Realtek became extremely difficult: the company began to respond more slowly and less willingly, which is why it was decided to abandon the collection of this information.
Users are strongly advised to check for the latest updates for their devices. If the SD card reader is controlled via «RtsPer.sys", it is important to install the latest driver to avoid possible attacks.
Source
