Description
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.
Published:
2026-07-15
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://kb.cert.org/vuls/id/529388 |
|
History
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise. | |
| Title | CVE-2026-14960 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-07-15T17:09:41.473Z
Reserved: 2026-07-07T14:25:40.813Z
Link: CVE-2026-14960
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.