Product Security Advisory

Publication Date: April 13, 2026

Security Vulnerability in TOSHIBA / Dynabook Drivers

Thank you for using Dynabook products. Dynabook has identified security vulnerability in the Bluetooth ACPI drivers installed on certain TOSHIBA / Dynabook PCs manufactured between 2017 and April 2022. As customers using the affected PCs, we kindly request updating the relevant drivers by following the instructions provided below. We apologize for any inconvenience this issue may cause to our customers.

Affected models and firmware version	Affected Bluetooth ACPI drivers installed on the products Please see the "List of Affected Models" below. Driver names and affected versions TOSRFEC.SYS: All versions DRFEC.SYS: Versions v11.0.0.0 and earlier
Vulnerability Description	The Bluetooth ACPI drivers TOSRFEC.SYS and DRFEC.SYS included in the affected products contain a stack-based buffer overflow vulnerability. CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-ID: CVE-2026-35553 CWE-ID: Stack-based Buffer Overflow (CWE-121)
Possible impacts	An attacker may execute arbitrary code on the affected system, by modifying specific registry values.
Countermeasure	Please run Windows Update on the affected products and update the Bluetooth ACPI driver to the latest version. Please apply the following countermeasures: TOSRFEC.SYS: Update to DRFEC.SYS v11.0.2.3 or later (*) Updating TOSRFEC.SYS will automatically replace it with DRFEC.SYS. DRFEC.SYS: Update to v11.0.2.3 or later For detailed instructions, please refer to the product support information listed under "Reference" below.
References	For detailed update procedures and region-specific information, please refer to the corresponding local product support pages listed below. United States: https://support.dynabook.com/support/viewContentDetail?contentId=4019157 Canada: https://support.dynabook.com/support/viewContentDetail?contentId=4019157 Germany: https://aps2.support.emea.dynabook.com/kb/100/TSB6203XR0000R01.htm Australia: https://serviceportal.anz.dynabook.com/supportlists Singapore: https://support.dynabook.com/support/viewContentDetail?contentId=4019157 Taiwan: https://tw.dynabook.com/support/ China: https://www.dynabook-china.com/support/ The CVE ID is provided in the "Vulnerability Description" section above. JVNVU#96334293: Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers https://jvn.jp/en/vu/JVNVU96334293/
Acknowledgment	This vulnerability was discovered through a report, coordinated via JPCERT/CC, from the following researchers at the University of Milan: Andrea Monzani Antonio Parata Davide Netti We would like to express our sincere appreciation for the responsible disclosure.
Revision History	April 13, 2026: Initial release of this vulnerability information.

List of Affected Models (Part numbers starting with 5 digits as below)
PLR31 / PLR33 / PLR34 / PMR30 / PMR31 / PMR33 / PMZ10 / PMZ11 / PMZ12 / PRT20 / PRT22 / PRT23 / PRT24 / PS591 / PS592 / PS595 / PS596 / PS597 / PS599 / PS59A / PS59B / PS59M / PS5A1 / PSZ10 / PSZ11 / PSZ12 / PSZ14 / PT17A / PT17C / PT17D / PT17E / PT17G / PT281 / PT282 / PT284 / PT291 / PT293 / PT294 / PT295 / PT296 / PT297 / PT2A1 / PT2A2 / PT2A3 / PT481 / PT482 / PT484 / PT591 / PT592 / PT593 / PT5A1 / PT5A2 / PT5A3 / PUR30 / PUR31 / PUR33 / PUR34

List of Affected Models (Part numbers starting with 5 digits as below)

PLR31 / PLR33 / PLR34 / PMR30 / PMR31 / PMR33 / PMZ10 / PMZ11 / PMZ12 / PRT20 / PRT22 / PRT23 / PRT24 / PS591 / PS592 / PS595 / PS596 / PS597 / PS599 / PS59A / PS59B / PS59M / PS5A1 / PSZ10 / PSZ11 / PSZ12 / PSZ14 / PT17A / PT17C / PT17D / PT17E / PT17G / PT281 / PT282 / PT284 / PT291 / PT293 / PT294 / PT295 / PT296 / PT297 / PT2A1 / PT2A2 / PT2A3 / PT481 / PT482 / PT484 / PT591 / PT592 / PT593 / PT5A1 / PT5A2 / PT5A3 / PUR30 / PUR31 / PUR33 / PUR34