CVE-2026-35553
Stack-Based Buffer Overflow in Dynabook Bluetooth ACPI Drivers
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynabook | bluetooth_acpi_drivers | to 11.0.0.0 (exc) |
| dynabook | bluetooth_acpi_drivers | 11.0.2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35553 is a stack-based buffer overflow vulnerability found in Dynabook Inc.'s Bluetooth ACPI drivers, specifically affecting the TOSRFEC.SYS driver (all versions) and DRFEC.SYS driver version 11.0.0.0 and earlier.
This vulnerability allows an attacker who already has high privileges and local access to the system to execute arbitrary code by modifying certain registry values.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Dynabook Inc.'s Bluetooth ACPI drivers, specifically TOSRFEC.SYS (all versions) and DRFEC.SYS version 11.0.0.0 and earlier. Detection involves identifying the presence and version of these drivers on your system.
You can check the driver versions on a Windows system using the following commands:
- Open an elevated Command Prompt or PowerShell and run: 1) To list the driver files and their versions: - `wmic sysdriver where "name like '%DRFEC%' or name like '%TOSRFEC%'" get name,pathname,displayname,started,state` - `powershell "Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DRFEC' | Select-Object -Property ImagePath,DisplayName"`
- Alternatively, use Device Manager to locate the Bluetooth ACPI driver and check its properties for the driver version.
If the driver version is 11.0.0.0 or earlier for DRFEC.SYS, or any version for TOSRFEC.SYS, the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the affected Bluetooth ACPI drivers to a safe version.
- Update the DRFEC.SYS driver to version 11.0.2.3 or later as provided by Dynabook Inc.
- If TOSRFEC.SYS is installed, updating it will automatically replace it with the DRFEC.SYS driver.
- Use Windows Update or the Dynabook support website to obtain and install the updated drivers.
Applying these updates will prevent attackers with high privileges from exploiting the stack-based buffer overflow vulnerability to execute arbitrary code.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-35553 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
An attacker with high privileges and local access can exploit this vulnerability to execute arbitrary code on the affected system without user interaction.
This can lead to full compromise of the system, including unauthorized control over system functions, data modification, or disruption of services.