{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35553", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-04-03T08:21:59.910Z", "datePublished": "2026-04-13T04:03:43.009Z", "dateUpdated": "2026-04-13T15:00:22.042Z"}, "containers": {"cna": {"affected": [{"vendor": "Dynabook Inc.", "product": "TOSRFEC.SYS", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "Dynabook Inc.", "product": "DRFEC.SYS", "versions": [{"version": "v11.0.0.0 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values."}], "problemTypes": [{"descriptions": [{"description": "Stack-based buffer overflow", "lang": "en-US", "cweId": "CWE-121", "type": "CWE"}]}], "references": [{"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-001/"}, {"url": "https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/"}, {"url": "https://jvn.jp/en/vu/JVNVU96334293/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-13T04:03:43.009Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:00:14.215479Z", "id": "CVE-2026-35553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:00:22.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35553", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T15:00:14.215479Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:00:18.138Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Dynabook Inc.", "product": "TOSRFEC.SYS", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "Dynabook Inc.", "product": "DRFEC.SYS", "versions": [{"status": "affected", "version": "v11.0.0.0 and earlier"}]}], "references": [{"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-001/"}, {"url": "https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/"}, {"url": "https://jvn.jp/en/vu/JVNVU96334293/"}], "descriptions": [{"lang": "en", "value": "Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-13T04:03:43.009Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35553", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:00:22.042Z", "dateReserved": "2026-04-03T08:21:59.910Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-04-13T04:03:43.009Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values."}], "id": "CVE-2026-35553", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-13T05:16:04.693", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/"}, {"source": "vultures@jpcert.or.jp", "url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-001/"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU96334293/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v11.0.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "DRFEC.SYS", "source": "cna", "vendor": "Dynabook Inc."}, "product": "drfec.sys", "vendor": "dynabook"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "TOSRFEC.SYS", "source": "cna", "vendor": "Dynabook Inc."}, "product": "tosrfec.sys", "vendor": "dynabook"}], "analysis": {"en": {"generated_at": "2026-04-13T06:25:24.071326+00:00", "value": {"mitigation_remediation": ["Apply the latest driver or firmware update released by Dynabook or Sharp that addresses the Bluetooth ACPI buffer overflow.", "Ensure that registry values for the Bluetooth ACPI driver cannot be modified by non\u2011privileged users or untrusted applications.", "If an update is unavailable, temporarily disable the Bluetooth ACPI driver or turn off Bluetooth functionality until a fix is applied.", "Continuously monitor system logs for unexpected registry changes or anomalous driver activity to detect potential exploitation attempts."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Dynabook Inc. products DRFEC.SYS and TOSRFEC.SYS. No specific version ranges are listed, so any device running these drivers that has not applied an available update is potentially vulnerable.", "description_and_impact": "The Bluetooth ACPI Drivers supplied by Dynabook contain a stack\u2011based buffer overflow that is triggered by modifying specific registry values. Improper bounds checking during registry processing allows an attacker to overflow the stack, enabling arbitrary code execution. This flaw jeopardises the confidentiality, integrity, and availability of the affected device by allowing execution of attacker\u2011controlled code.", "risk_and_exploitability": "With a CVSS base score of 8.4 the issue is classified as High severity. EPSS information is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the ability to alter registry settings, which may be achievable locally or via remote services with registry modification capabilities. The absence of publicly known exploits means the risk depends on an attacker\u2019s ability to change those registry values, but the high CVSS score indicates a need for prompt attention."}}}}, "created": "2026-04-13T12:37:32.170975+00:00", "title": "Bluetooth ACPI Driver Buffer Overflow Allows Code Execution Through Modified Registry Values", "updated": "2026-04-13T12:53:20.039291+00:00", "vendors": ["dynabook", "dynabook$PRODUCT$drfec.sys", "dynabook$PRODUCT$tosrfec.sys"]}