Firmware and driver flaws continue to expose kernel and physical-memory abuse paths
Several low-level vulnerabilities showed how drivers and firmware can grant attackers dangerous kernel capabilities. CERT published a Pegatron tdeio64.sys issue that allowed arbitrary kernel read and write through an unprotected IOCTL interface, and another report covered ASUS bsitf.sys enabling physical-memory mapping via unvalidated IOCTLs. A Realtek driver flaw similarly allowed DMA controller abuse from user mode, showing that vendor-supplied hardware components can undermine system boundaries. These flaws matter because once an attacker gets kernel-level access, EDR bypass, credential theft, persistence, and rootkit installation become much easier. Firmware and driver issues are especially risky because they often survive ordinary reinstallation or are trusted by the operating system. The takeaway is that platform vendors still ship code with extremely powerful privileges and incomplete validation.
Sources
- VU#529388: Privilege escalation vulnerability via unprotected IOCTL interface in Pegatron Tdelo64.sys — CERT Vulnerability Notes
- ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping via Unvalidated IOCTL — /r/netsec
- Vulnerability in Realtek driver allows DMA controller abuse from user mode with no additional hardware or driver — /r/netsec
- Proof of concept for CVE-2026-58635 LPE in Windows Braille Narrator service — /r/cybersecurity


Leave a Reply