Is Stack Overflow affected by EUVD-2026-21848?

CVE-2026-35553 is a stack-based buffer overflow in Dynabook Bluetooth ACPI drivers that allows local administrators to execute arbitrary code and achieve complete system compromise.

EUVD-2026-21848

| CVE-2026-35553 HIGH

2026-04-13 jpcert

GHSA-gp9q-xqfw-39jw

8.4

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 13, 2026 - 05:26 vuln.today

Severity Changed

Apr 13, 2026 - 05:22 NVD

MEDIUM HIGH

CVSS Changed

Apr 13, 2026 - 05:22 NVD

6.7 (MEDIUM) 8.4 (HIGH)

Description

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

Analysis

Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. …

Remediation

Within 24 hours: Identify all Dynabook systems with tosrfec.sys or drfec.sys drivers installed using hardware inventory tools and isolate any critical systems from general user access. Within 7 days: Contact Dynabook for patch availability timeline and implement compensating controls (see below). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

EUVD-2026-21848 vulnerability details – vuln.today

Back

EUVD-2026-21848

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21848

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code