Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.
AnalysisAI
Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. No public exploit identified at time of analysis, though the attack surface is limited to users who already possess elevated credentials.
Technical ContextAI
This vulnerability affects Dynabook Inc.'s Bluetooth ACPI drivers, specifically tosrfec.sys and drfec.sys kernel-mode components. The flaw is a CWE-121 stack-based buffer overflow, a class of memory corruption where user-controllable data exceeds allocated stack buffer boundaries. The attack vector involves modifying Windows registry values that are processed by these drivers without proper bounds checking. When the driver reads the malicious registry data, it overflows a stack buffer, allowing attackers to overwrite return addresses or other critical stack data structures. As kernel-mode drivers operate at Ring 0 with full system privileges, successful exploitation grants attackers complete control over the operating system. ACPI (Advanced Configuration and Power Interface) drivers interact with hardware power management, making them privileged components with deep system access. The registry-based attack surface is characteristic of Windows driver vulnerabilities where configuration parameters lack input validation.
RemediationAI
Apply vendor-provided security updates from Dynabook Inc. as detailed in Sharp Corporation's security advisories at https://global.sharp/corporate/info/product-security/advisory-list/2026-001/ (English) and https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/ (Japanese). Consult JPCERT coordination notice at https://jvn.jp/en/vu/JVNVU96334293/ for comprehensive technical guidance and patch availability confirmation. Organizations should prioritize patching on systems where administrative access controls are weakest or where defense-in-depth protections against privilege escalation are critical. As an interim mitigation where patching is delayed, implement strict registry access controls using Windows ACLs to prevent unauthorized modification of registry keys processed by tosrfec.sys and drfec.sys drivers, though this workaround requires identifying the specific registry locations involved and may impact legitimate driver functionality. Monitor administrative account usage and registry modification events for suspicious activity targeting Bluetooth ACPI driver configuration paths.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21848
GHSA-gp9q-xqfw-39jw