JVNVU#91051826
Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control
Overview
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control.
Products Affected
- Generic IO & Memory Access driver all versions
Description
Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016.
The driver contains the following vulnerability.
- Exposed IOCTL with Insufficient Access Control (CWE-782)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 6.8
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Base Score 5.5
- CVE-2026-56129
- The CVSS assessment above assumes that a user with no administrative privilege accesses physical memory.
Impact
A logged-in user with no administrative privilege may access physical memory.
Solution
Stop using the products and Use alternative methods
No update will be provided for this driver.
Delete the affected driver and use the BIOS setup function to configure BIOS/Supervisor passwords.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Dynabook Inc. | Vulnerable | 2026/06/25 | Dynabook Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Akshit Yadav (valium) reported this vulnerability to the developer. The developer reported the case to JPCERT/CC to notify users of the solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-56129 |
| JVN iPedia |
|