Back to overview

CVE-2026-14960

Description
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.

Metadata

CVE ID
CVE-2026-14960
State
PUBLISHED
Assigner
certcc
Reserved
2026-07-07 14:25 UTC
Published
2026-07-15 17:08 UTC
Last updated
2026-07-15 17:09 UTC
Vendor / Product
Pegatron Corp. / Tdelo64.sys
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Pegatron Corp. Tdelo64.sys 02-17-2025 ≤ 02-17-2025
Weakness (CWE)
CWESourceDescription
cna CWE-284 Improper Access Control
cna CWE-668 Exposure of Resource to Wrong Sphere
cna CWE-269 Improper Privilege Management
Back to overview