CVE-2019-11867 - NULL Pointer Dereference vulnerability in Realtek Ndis 10.1.505.2015

CVSS 5.5 - MEDIUM

Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Tags: local, low complexity, realtek, CWE-476

Summary

Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0.

Vulnerable Configurations

Part | Description | Count
Application | Realtek | 1

Common Weakness Enumeration (CWE)