dpmemio.sys
Direct physical-memory and port-access driver (Clevo laptop utilities)
dpmemio.sys is a 'direct physical memory and port access' driver signed by ET&T Technology. In practice, gamers most often have it from a Clevo-built laptop. Clevo is the manufacturer behind a large share of boutique gaming notebooks sold under other brands (Sager, XMG, and many whitebook and system-integrator names), and its embedded-controller and fan-control utilities bundle this driver to reach the hardware directly.
It is on the public LOLDrivers list for what its name says it does: a signed driver that grants direct access to physical memory and I/O ports. That is the access a fan-curve or EC-tuning tool needs, and it is also exactly the primitive the bring-your-own-vulnerable-driver pattern looks for. No CVE is assigned; it is listed on the strength of that capability, not a specific reported flaw, and no named public incident is tied to it.
If you have a Clevo-based gaming laptop and installed the vendor's fan or EC control software, this driver is expected. If you are not running that tooling, identify and remove the utility that placed it. Microsoft's Vulnerable Driver Blocklist blocks known-bad builds from loading.
dpmemio.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “dpmemio.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/dpmemio-sys
