Product Security Advisory

The Generic IO & Memory Access drivers included in the affected products contain a vulnerability that allows a non-privileged user to access physical memory.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 6.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Base Score 5.5

CVE-ID: CVE-2026-56129

CWE-ID: Exposed IOCTL with Insufficient Access Control Weakness (CWE-782)

By accessing the driver with a malicious program on the affected product, a non-privileged user can gain arbitrary access to physical memory.

Customers using the affected product are requested to uninstall (remove) the driver if it is installed.

Please note that, after uninstalling the driver, it will no longer be possible to configure the password using the Password Utility.

If you need to set a password, please configure the BIOS password from “Security” in the BIOS Setup Utility.

For instructions on how to start the BIOS Setup Utility, please refer to the following information:

For detailed update procedures and region-specific information, please refer to the corresponding local product support pages listed below.

Japan:
https://dynabook.com/assistpc/info/2026/20260619_security.htm

United States:
https://support.dynabook.com/support/viewContentDetail?contentId=4016224

Europe:
https://aps2.support.emea.dynabook.com/kb0/TSB6503YI0000R01.htm

China:
https://www.dynabook-china.com/support/

Taiwan:
https://tw.dynabook.com/support/

The CVE ID is provided in the "Vulnerability Description" section above.

This vulnerability was discovered through a report from Akshit Yadav (valium).
We would like to express our sincere appreciation for the disclosure responsible.

June 19, 2026: Initial release of this vulnerability information.

June 22, 2026: URLs for each region have been added.

June 24, 2026: The Vulnerability Description and References have been updated.