Description
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
Published: 2026-03-03
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An improper boundary restriction in the Portwell Engineering Toolkits driver allows a local authenticated attacker to read and write arbitrary memory. The buffer overflow can be used to modify critical kernel structures, leading to privilege escalation or a denial‑of‑service event. The flaw is a classic memory buffer overflow (CWE‑119) that does not require remote access and can compromise the entire system.

Affected Systems

Portwell Engineering Toolkits version 4.8.2 is the only affected release. The vulnerability is tied to the Portwell Engineering Toolkits driver and is present in any installation running this specific version. No other version or vendor is listed as impacted.

Risk and Exploitability

The CVSS score of 9.3 indicates high severity. With an EPSS below 1% and no listing in the CISA KEV catalog, observed exploitation remains low. The vulnerability requires a locally authenticated attacker with access to the Portwell Engineering Toolkit driver; under those conditions the risk is significant but limited to local environments. Successful exploitation can lead to privilege escalation or denial of service, potentially compromising the entire system.

Generated by OpenCVE AI on April 17, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched or newer version of Portwell Engineering Toolkits that resolves the driver overflow.
  • Apply least‑privilege permissions to local users and services that load the affected driver.
  • Monitor system logs for abnormal memory or driver activity and enforce driver signing or integrity checks.

Generated by OpenCVE AI on April 17, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Portwell engineering Toolkits
CPEs cpe:2.3:a:portwell:engineering_toolkits:4.8.2:*:*:*:*:*:*:*
Vendors & Products Portwell engineering Toolkits
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Portwell
Portwell portwell Engineering Toolkits
Vendors & Products Portwell
Portwell portwell Engineering Toolkits

Tue, 03 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
Title Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits
Weaknesses CWE-119
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Portwell Engineering Toolkits Portwell Engineering Toolkits
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-03T19:02:29.314Z

Reserved: 2026-03-02T13:08:19.404Z

Link: CVE-2026-3437

cve-icon Vulnrichment

Updated: 2026-03-03T19:02:18.205Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T18:16:25.953

Modified: 2026-03-05T21:38:07.330

Link: CVE-2026-3437

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses