CVE-2026-29923
Privilege Escalation in PowerStrip pstrip64.sys via IOCTL Memory Mapping
Publication date: 2026-04-09
Last updated on: 2026-04-14
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| entech_taiwan | powerstrip | 3.90.736 |
| entech_taiwan | powerstrip | up to and including 3.90.736 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the pstrip64.sys driver of EnTech Taiwan PowerStrip versions up to 3.90.736. It allows local users to escalate their privileges to SYSTEM level by sending a specially crafted IOCTL request. This request enables unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.
How can this vulnerability impact me?
This vulnerability can allow an attacker with local access to gain SYSTEM-level privileges on the affected system. With SYSTEM privileges, the attacker can execute arbitrary code with the highest level of permissions, potentially leading to full system compromise, unauthorized access to sensitive data, and the ability to disable security controls.