CVE Vulnerabilities

CVE-2026-14960

Improper Privilege Management

Published: Jul 15, 2026 | Modified: Jul 16, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the .TdeIo device interface. IOCTL handlers including TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References