EUVD-2026-21848
GHSA-gp9q-xqfw-39jw
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionNVD
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.
AnalysisAI
Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Dynabook systems with tosrfec.sys or drfec.sys drivers installed using hardware inventory tools and isolate any critical systems from general user access. Within 7 days: Contact Dynabook for patch availability timeline and implement compensating controls (see below). …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today