CVE-2026-56129
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user without administrative privileges may access physical memory.
Risk Assessment
Insufficient access control may lead to unauthorized access to physical memory, posing a risk of data leakage or system manipulation by unauthorized users.
Recommendation
It is recommended to implement appropriate access control mechanisms for IOCTL to restrict access to physical memory only to users with the necessary privileges.
Original NVD description (English source)
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory.

