Realtek RTL8811AU Out-of-Bounds Read Vulnerability in rtwlanu.sys Allowing Information Disclosure
Vulnerability
An out-of-bounds read vulnerability has been identified in the Realtek RTL8811AU wireless driver, rtwlanu.sys. The flaw is in the N6CQueryInformationHandleCustomized11nOids function and allows local attackers to disclose sensitive information. The issue arises from inadequate validation of user-supplied data, which can result in a read past the end of an allocated buffer. To exploit this vulnerability, an attacker must first have the ability to execute low-privileged code on the target system. Additionally, this vulnerability could be leveraged alongside others to execute arbitrary code in the kernel context.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure, with the potential for local attackers to execute arbitrary code in the kernel context, especially when combined with other vulnerabilities.
Remediation
Users are advised to update to Realtek RTL8811AU version 1030.44.1204.2024.
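
To confirm whether a host has reached the fixed version, the following PowerShell check compares the installed driver against 1030.44.1204.2024. It is an added example, not Realtek's or the advisory's own tooling. It assumes that the advisory's version number matches the version stamped into rtwlanu.sys and reported by Windows for the device, that the driver sits in the standard System32\drivers directory, and that the adapter's device name contains "8811AU".

```powershell
# Added example (not vendor code): compare the installed Realtek RTL8811AU driver
# against the fixed version named in the advisory.
# Assumption: the advisory's version equals the file/driver version Windows reports.
$Fixed = [version]'1030.44.1204.2024'
# Assumption: the driver binary is in the standard driver directory.
$Path  = Join-Path $env:SystemRoot 'System32\drivers\rtwlanu.sys'

function Get-VersionStatus {
    param([version]$Installed, [version]$FixedVersion)
    if ($null -eq $Installed) { return 'Unknown' }          # unparseable: review manually
    if ($Installed -ge $FixedVersion) { 'Fixed' } else { 'BelowFixedVersion' }
}

# 1. Version stamped into the driver binary on disk.
if (Test-Path -LiteralPath $Path) {
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Use the numeric parts; the FileVersion string can carry extra text.
    $fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Source    = $Path
        Installed = $fileVersion
        Status    = Get-VersionStatus -Installed $fileVersion -FixedVersion $Fixed
    }
} else {
    [pscustomobject]@{ Source = $Path; Installed = $null; Status = 'NotInstalled' }
}

# 2. Version Windows records for the device (assumed to contain "8811AU" in its name).
Get-CimInstance -ClassName Win32_PnPSignedDriver -Filter "DeviceName LIKE '%8811AU%'" |
    ForEach-Object {
        $parsed = $null
        [void][version]::TryParse($_.DriverVersion, [ref]$parsed)
        [pscustomobject]@{
            Source    = $_.DeviceName
            Installed = $_.DriverVersion
            Status    = Get-VersionStatus -Installed $parsed -FixedVersion $Fixed
        }
    }
```

A host reporting `BelowFixedVersion` from either source still needs the update; `NotInstalled` with no matching device means the driver is not present on that system.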
