CVE-2026-14960
N/A
N/A
Summary
Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \\.\TdeIo device interface. IOCTL handlers including TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pegatron Corp. | Tdelo64.sys | 02-17-2025 <= 02-17-2025 | affected |
Weaknesses
- CWE-284 Improper Access Control
- CWE-668 Exposure of Resource to Wrong Sphere
- CWE-269 Improper Privilege Management
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.