Skip to main content

Dynabook IO Driver EUVDEUVD-2026-39190

| CVE-2026-56129 MEDIUM
Exposed IOCTL with Insufficient Access Control (CWE-782)
2026-06-25 jpcert GHSA-62xh-mjg9-8qhv
6.8
CVSS 4.0 · Vendor: jpcert
Share

Severity by source

Vendor (jpcert) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Physical memory access enables both read and write; C:H added to correct apparent understatement of vendor C:N, all other metrics align with the provided vector.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (jpcert).

CVSS VectorVendor: jpcert

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jun 25, 2026 - 08:22 NVD
5.5 (MEDIUM) 6.8 (MEDIUM)
Analysis Generated
Jun 25, 2026 - 08:16 vuln.today

DescriptionCVE.org

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory.

AnalysisAI

Physical memory exposure in the Generic IO & Memory Access Driver for Toshiba and Dynabook PCs allows any locally logged-in user - without administrative privileges - to access physical memory by invoking an insufficiently access-controlled IOCTL interface. Physical memory access of this kind typically enables both reading sensitive in-memory data (credentials, encryption keys, kernel structures) and writing to arbitrary memory addresses, making the effective impact broader than the vendor CVSS C:N rating suggests. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local session
Delivery
Open driver device handle
Exploit
Issue unrestricted IOCTL call
Execution
Map or read physical memory
Persist
Extract in-memory credentials or kernel structures
Impact
Escalate to administrator

Vulnerability AssessmentAI

Exploitation Exploitation requires an interactive local session as any standard (non-administrator) user on a Windows PC with the Generic IO & Memory Access Driver installed - this is the only prerequisite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, score 5.5) reflects a local, low-privilege, low-complexity attack with high integrity impact but zero confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a standard (non-admin) user session on a Dynabook or Toshiba laptop - through phishing, a shared machine, or as a low-privileged employee - opens the exposed driver device handle and sends a crafted IOCTL call that maps or reads a target region of physical memory. With read access to physical memory, the attacker can extract LSASS credentials or other in-memory secrets, escalating to full domain or local administrator control. …
Remediation Consult the Sharp/Dynabook security advisory at https://global.sharp/corporate/info/product-security/advisory-list/2026-003/ for the exact patched driver version; the input data does not specify a fixed version number, so a precise upgrade target cannot be confirmed independently. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39190 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy