"The following OEMs equip some of their laptop series with SD card readers manufactured by Realtek:<p>- Dell<p>- HP<p>- Lenovo<p>- MSI<p>The list may be incomplete. Basically, if your laptop or desktop has a card reader managed by RtsPer.sys, make sure that the driver is up to date."<p>...<p>"The version of RtsPer.sys that is free from all these vulnerabilities is 10.0.26100.21374 or higher."<p>The article goes into depth and shows proof of concept for the following:<p>- CVE-2022-25477: leaking driver logs<p>- CVE-2022-25478: accessing PCI config space<p>- CVE-2022-25479: leaking kernel pool and stack<p>- CVE-2022-25480: writing beyond IRP::SystemBuffer<p>- CVE-2024-40432: writing beyond IRP::SystemBuffer<p>- CVE-2024-40431: writing to arbitrary kernel address