GHSA-vgx6-wf36-3h9hunknown

Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\...

Published
July 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (1)

📋 Description

Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \\.\TdeIo device interface. IOCTL handlers including TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.

🔗 References (3)