CVE-2022-25477: 
Realtek RtsPer Card Reader Driver vulnerability analysis and mitigation

CVE-2022-25477 is a vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before version 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before version 10.0.22000.31274. The vulnerability leaks driver logs containing addresses of kernel mode objects, which weakens Kernel Address Space Layout Randomization (KASLR). This affects multiple laptop manufacturers including Dell, Lenovo, and others using Realtek SD card readers (Realtek Blog).

The vulnerability exists in the driver's logging functionality, which extensively logs addresses of kernel mode objects. The driver logs various information including addresses of kernel modules, device extensions, and IRPs being handled. Due to permissive Access Control Lists (ACL) on the device object, any user can access these logs. The vulnerability affects multiple SD card reader models including RTS5227, RTS5228, RTS522A, RTS5249, RTS524A, RTS5250, RTS525A, RTS5287, RTS5260, RTS5261, and RTS5264. The CVSS score is 5.5 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) (NVD).

The vulnerability weakens KASLR by exposing kernel mode object addresses through driver logs. This information disclosure can be leveraged by attackers to bypass security mechanisms and potentially facilitate other attacks. The widespread use of Realtek SD card readers across major OEMs including Dell, Lenovo, HP, and MSI amplifies the potential impact (Realtek Blog).

The vulnerability has been fixed in RtsPer.sys version 10.0.26100.21374 or higher, released in July-August 2023. In the fixed version, the driver logs are encrypted to prevent unauthorized access. Users and administrators should ensure their Realtek SD card reader drivers are updated to the latest version (Realtek Blog).