{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29923", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T19:25:32.138Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T19:25:32.138Z"}, "descriptions": [{"lang": "en", "value": "The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://entechtaiwan.com/util/ps.shtm"}, {"url": "https://packetstorm.news/files/id/218394/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures."}], "id": "CVE-2026-29923", "lastModified": "2026-04-09T20:16:24.693", "metrics": {}, "published": "2026-04-09T20:16:24.693", "references": [{"source": "cve@mitre.org", "url": "https://entechtaiwan.com/util/ps.shtm"}, {"source": "cve@mitre.org", "url": "https://packetstorm.news/files/id/218394/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.90.736]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "powerstrip", "vendor": "entechtaiwan"}], "analysis": {"en": {"generated_at": "2026-04-09T21:25:38.546889+00:00", "value": {"mitigation_remediation": ["Update the EnTech Taiwan PowerStrip driver to a version newer than 3.90.736 if available.", "If an update is not available, uninstall or disable the PowerStrip driver to eliminate the attack vector.", "Restrict local user privileges and enforce least\u2011privilege policies to reduce the potential for exploitation.", "Monitor for suspicious physical memory mapping activities and apply system hardening measures."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to SYSTEM"}, "threat_synthesis": {"affected_systems": "EnTech Taiwan PowerStrip driver versions up to and including 3.90.736 are affected. Versions beyond 3.90.736 are not reported as vulnerable.", "description_and_impact": "The EnTech Taiwan PowerStrip driver contains a flaw that allows a local user to send a specially crafted IOCTL request to pstrip64.sys. This request enables the user to map arbitrary physical memory into their address space and modify critical kernel structures, resulting in a full elevation to SYSTEM privileges. The impact is that an attacker gains unrestricted control over the affected system, compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The vulnerability is local and does not require network access, making it highly exploitable by anyone with local access. No EPSS score is available and the issue is not listed in CISA\u2019s KEV catalog. The straightforward exploitation path\u2014sending a crafted IOCTL to map physical memory\u2014suggests a high risk: an attacker can execute code locally, abuse the driver, and gain SYSTEM level access."}}}}, "created": "2026-04-10T08:53:57.611501+00:00", "title": "Privilege Escalation via Unrestricted Physical Memory Mapping in EnTech Taiwan PowerStrip Driver", "updated": "2026-04-10T09:33:07.588035+00:00", "vendors": ["entechtaiwan", "entechtaiwan$PRODUCT$powerstrip"], "weaknesses": ["CWE-284", "CWE-788"]}