[Japanese]

JVNDB-2026-010851

Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers

Overview

Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability.
  • Stack-based buffer overflow (CWE-121) - CVE-2026-35553
Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.7 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

The following Bluetooth ACPI drivers are affected by this vulnerability.

Dynabook Inc.
  • DRFEC.SYS v11.0.0.0 and earlier
  • TOSRFEC.SYS all versions

For products that have these drivers installed, please refer to the information provided by the developer.
Impact

An attacker may execute arbitrary code by modifying certain registry values.
Solution

[Update the Driver]
Update the driver to DRFEC.SYS v11.0.2.3 or later according to the information provided by the developer.
Vendor Information

Dynabook Inc.
CWE (What is CWE?)

  1. Stack-based Buffer Overflow(CWE-121) [Other]
CVE (What is CVE?)

  1. CVE-2026-35553
References

  1. JVN : JVNVU#96334293
Revision History

  • [2026/04/14]
      Web page was published

Date Public2026/04/13
Date First Published2026/04/14
Date Last Updated2026/04/14