CVE Catalog

CVE-2026-56129

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

The generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user without administrative privileges may access physical memory.

Risk Assessment

Insufficient access control may lead to unauthorized access to physical memory, posing a risk of data leakage or system manipulation by unauthorized users.

Recommendation

It is recommended to implement appropriate access control mechanisms for IOCTL to restrict access to physical memory only to users with the necessary privileges.

Original NVD description (English source)

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS