Privilege Escalation Vulnerability in Tdelo64.sys by Pegatron
CVE-2026-14961
Currently unrated
What is CVE-2026-14961?
The Pegatron Tdelo64.sys driver exposes an insecure privileged device interface that allows local attackers to exploit its IOCTL functionality. This vulnerability arises from the lack of proper validation for caller privileges and user-supplied memory addresses. By crafting specific IOCTL requests, an attacker can execute arbitrary memory operations, leading to unauthorized access at the highest system privilege level, potential credential theft, and system compromises.
Affected Version(s)
Tdelo64.sys 02-17-2025
