CVE Catalog

CVE-2026-12166

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A NULL pointer dereference vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

Risk Assessment

The risk involves a local attacker being able to perform a DoS attack, potentially disrupting critical systems and causing downtime.

Recommendation

It is recommended to immediately update the `GFAC_Sys_x64.sys` driver to the latest version provided by the vendor and restrict local system access to trusted users only.

Original NVD description (English source)

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS