Is Stack Overflow affected by CVE-2026-35553?

CVE-2026-35553 is a stack-based buffer overflow in Dynabook Bluetooth ACPI drivers that allows local administrators to execute arbitrary code and achieve complete system compromise.

CVE-2026-35553

EUVD-2026-21848 HIGH

2026-04-13 jpcert

GHSA-gp9q-xqfw-39jw

8.4

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 13, 2026 - 05:26 vuln.today

Severity Changed

Apr 13, 2026 - 05:22 NVD

MEDIUM HIGH

CVSS Changed

Apr 13, 2026 - 05:22 NVD

6.7 (MEDIUM) 8.4 (HIGH)

Description

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

Analysis

Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. …

Remediation

Within 24 hours: Identify all Dynabook systems with tosrfec.sys or drfec.sys drivers installed using hardware inventory tools and isolate any critical systems from general user access. Within 7 days: Contact Dynabook for patch availability timeline and implement compensating controls (see below). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

CVE-2026-35553 vulnerability details – vuln.today

Back

CVE-2026-35553

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-35553

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code