Description
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory.
Published: 2026-06-25
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A driver provided by TOSHIBA CORPORATION and Dynabook Inc. exposes an IOCTL with insufficient access control, allowing a logged‑in user without administrative privilege to read arbitrary physical memory. The flaw, identified as CWE‑782, permits extraction of sensitive data such as passwords or cryptographic keys, leading to a confidentiality breach. No write or execution privileges are granted by the driver, so the issue does not enable direct code execution.

Affected Systems

The Generic IO & Memory Access driver for PCs from TOSHIBA CORPORATION and Dynabook Inc. is affected. All PC models that ship with this driver are potentially vulnerable; no specific version information is provided.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. No EPSS data is available, so the likelihood of exploitation is unknown, but the flaw can be leveraged by any local user who is logged in. The vulnerability is not listed in the CISA KEV catalog. It represents a local attack vector that can compromise confidentiality by reading physical memory.

Generated by OpenCVE AI on June 25, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Contact TOSHIBA or Dynabook support to request an updated driver that fixes the access control issue.
  • Apply any available driver update that addresses the flaw.
  • If no patch is provided, consider disabling or uninstalling the Generic IO & Memory Access driver on machines where it is not required, or upgrade to a platform that does not use this driver.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 09:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Insufficient IOCTL Access Control Exposes Physical Memory to Non-Admin Users |

Thu, 25 Jun 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory. |
| Weaknesses | | CWE-782 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}; cvssV4_0: {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2026-06-25T07:03:51.101Z
Reserved: 2026-06-19T02:06:36.536Z
Link: CVE-2026-56129

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T09:30:06Z

Weaknesses
  • CWE-782: Exposed IOCTL with Insufficient Access Control