CVE-2026-14960
Description
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Pegatron Corp. | Tdelo64.sys | — | 02-17-2025 ≤ 02-17-2025 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| — | cna | CWE-284 Improper Access Control |
| — | cna | CWE-668 Exposure of Resource to Wrong Sphere |
| — | cna | CWE-269 Improper Privilege Management |
References (1)