Published:2026/04/13 Last Updated:2026/04/13
JVNVU#96334293
Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers
Overview
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability.
Products Affected
The following Bluetooth ACPI drivers are affected by this vulnerability.
- TOSRFEC.SYS all versions
- DRFEC.SYS v11.0.0.0 and earlier
Description
Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability.
- Stack-based buffer overflow (CWE-121)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7
- CVE-2026-35553
Impact
An attacker may execute arbitrary code by modifying certain registry values.
Solution
Update the Driver
Update the driver to DRFEC.SYS v11.0.2.3 or later according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Dynabook Inc. | Vulnerable | 2026/04/13 | Dynabook Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-35553 |
| JVN iPedia |
|