CVE-2024-40431

EUVD-2024-38454
A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
realteksd_card_reader_driver
𝑥
< 10.0.26100.21374
ADP
References
https://zwclose.github.io/2024/10/14/rtsper1.html