CVE-2026-12217: DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. It affects an unknown function in the library dvdfabio.sys, part of the Signed Kernel Driver component. Manipulation leads to improper privilege management. The attack must be launched locally. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An improper privilege management vulnerability exists in DVDFab Virtual Drive 2.0.0.5, specifically within the signed kernel driver component dvdfabio.sys. The vulnerability is exploited locally by an attacker who already holds a low-privilege account on the affected system, requiring no interaction from another user. Successful exploitation allows the attacker to read sensitive data, tamper with system state, and crash or destabilize the host. No fix version has been published; HarborGuard is tracking the advisory for patch availability.
HarborGuard Coverage
Detection of CVE-2026-12217 is available across every HarborGuard environment - the CVE is ingested from upstream vulnerability feeds within minutes of publication and matched against customer images, including custom-built images that bundle DVDFab Virtual Drive 2.0.0.5 or the dvdfabio.sys driver. Any registry or pipeline image carrying the affected component surfaces as a finding automatically.
Available
HarborGuard is capable of scoring this finding at CVSS 8.5 (High) and weighting it against each environment's compliance policy to determine urgency and routing. Triage output is available for delivery to the appropriate team inbox within each customer organization based on their configured notification rules.
Available
Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the interim, HarborGuard surfaces the affected images and can trigger compensating-control workflows where customers have remediation policies configured.
Pending upstream
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network-facing exposure is required to reach the vulnerable driver.
- Authentication: Required
  Any low-privilege local account is sufficient to attempt exploitation; administrative credentials are not needed.
- Victim interaction: Not required
  The exploit executes without requiring any action from another user on the system.
- Attack complexity: Detail
  The exploit is reliable and condition-free; no race conditions, memory-layout dependencies, or special environmental factors are required.
Blast Radius
- A successful attacker reads sensitive data accessible to the kernel driver, including credentials, tokens, or process memory from other applications running on the host.
- The attacker modifies kernel-level or system state, enabling persistence, privilege escalation to SYSTEM, or tampering with security controls on the host.
- The attacker crashes or destabilizes the host system, causing a denial of service that affects all workloads running on that machine.
- Because the vulnerable component is a signed kernel driver, exploitation bypasses user-mode security boundaries entirely, giving the attacker a foothold at the kernel layer.
How HarborGuard Handles This
Available on HarborGuard: images containing DVDFab Virtual Drive 2.0.0.5 or the dvdfabio.sys driver are flagged as soon as they appear in a customer registry or pipeline scan. Because no vendor patch exists at this time, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is published. For customers who opt into auto-remediation, that rebuild will be followed by a regression-test run and a PR opened against affected workloads with no manual intervention required. While the advisory remains unpatched, HarborGuard recommends applying compensating controls where compliance policy permits: restricting the deployment of images containing dvdfabio.sys to workloads that explicitly require it, enforcing least-privilege container runtime policies to limit local account access, and using network-policy isolation to reduce the attack surface of hosts running the affected driver. HarborGuard continues to ingest VulDB and upstream advisory updates so customers receive a finding update the moment the vendor publishes a fix.
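A host-side check for the driver this advisory names, as an added example (not HarborGuard's or the vendor's code): it lists registered kernel drivers and on-disk copies whose file name is dvdfabio.sys, with their state, file version, signer and hash. The function name Find-DvdFabDriver and the System32\drivers search path are assumptions; the page gives only the file name and the product version.

```powershell
# Added example (not HarborGuard or vendor code): host inventory for dvdfabio.sys.
# The page gives only the file name and product version 2.0.0.5; the service
# name, install path and driver file version are not stated, so this matches
# on file name and reports the version rather than filtering on it.
function Find-DvdFabDriver {
    [CmdletBinding()]
    param(
        [string]$FileName = 'dvdfabio.sys',
        # Assumption: default Windows driver directory, checked for copies
        # that exist on disk but are not registered as a driver service.
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    $paths = @{}   # file path -> Win32_SystemDriver record, or $null

    # 1. Drivers registered with the Service Control Manager.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$FileName" } |
        ForEach-Object {
            $p = $_.PathName -replace '^\\\?\?\\', ''   # drop NT "\??\" prefix
            $paths[$p] = $_
        }

    # 2. Unregistered copies left in the driver directory.
    Get-ChildItem -LiteralPath $DriverDir -Filter $FileName -File -ErrorAction SilentlyContinue |
        ForEach-Object { if (-not $paths.ContainsKey($_.FullName)) { $paths[$_.FullName] = $null } }

    foreach ($p in $paths.Keys) {
        $svc    = $paths[$p]
        $onDisk = Test-Path -LiteralPath $p
        $sig    = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $p }
        [pscustomobject]@{
            Path            = $p
            ServiceName     = if ($svc) { $svc.Name }
            State           = if ($svc) { $svc.State } else { 'NotRegistered' }
            StartMode       = if ($svc) { $svc.StartMode }
            FileVersion     = if ($onDisk) { (Get-Item -LiteralPath $p).VersionInfo.FileVersion }
            SignatureStatus = if ($sig) { $sig.Status }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            SHA256          = if ($onDisk) { (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash }
        }
    }
}

Find-DvdFabDriver | Format-List
```

An empty result means no driver with that file name is registered or present in the searched directory; a row with State Running means the driver is currently loaded.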
- DVDFab / Virtual Drive 2.0.0.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P