CVE-2023-35841

Name of the Vulnerable Software and Affected Versions WinFlash Driver versions prior to 4.5.0.0 TdkLib64.sys (affected versions not specified)

Description The issue is related to insufficient access control in the Phoenix WinFlash Driver on Windows, allowing privilege escalation and modification of system firmware. This is due to exposed IOCTL with insufficient access control. The vulnerability may allow an attacker to read, modify, or delete data.

Recommendations For WinFlash Driver versions prior to 4.5.0.0, update to version 4.5.0.0 or later to resolve the issue. For TdkLib64.sys, at the moment, there is no information about a newer version that contains a fix for this vulnerability.