Primary

Context

Dynabook Bluetooth ACPI Drivers Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Bluetooth ACPI drivers TOSRFEC.SYS (all versions) and DRFEC.SYS (versions prior to 11.0.0.0) provided by Dynabook Inc. This vulnerability allows an attacker to execute arbitrary code by modifying specific registry values.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

Users are advised to update the Bluetooth ACPI driver to the latest version. For TOSRFEC.SYS, update to DRFEC.SYS version 11.0.2.3 or later. Note that updating TOSRFEC.SYS will automatically replace it with DRFEC.SYS. For DRFEC.SYS, update to version 11.0.2.3 or later.

Added: Apr 13, 2026, 5:22 AM

Updated: Apr 13, 2026, 5:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.2

remediation

0.0

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.2

remediation

0.0

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dynabook Bluetooth ACPI Drivers Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating