CVE-2024-40431

8.8 HIGH

Published: October 23, 2024 Modified: April 15, 2026

Description

A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://zwclose.github.io/2024/10/14/rtsper1.html

Source: cve@mitre.org

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.8 / 10.0

EPSS (Exploit Probability)

24.8%

96th percentile

Exploitation Status

Not in CISA KEV