← All drivers
vulnerable
Driver

nchgbios2x64.sys

Toshiba BIOS update driver (BIOS Package, 'ChgBios' family)

From Toshiba Corporation
Part of the Toshiba family
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Field notes

nchgbios2x64.sys is a kernel driver shipped inside Toshiba's BIOS Package utility for x64 Windows laptops, used to push firmware updates from inside a running OS. Like the AMI, Phoenix, and Insyde BIOS-tool drivers already on the LOLDrivers list, it works by exposing very low-level hardware access (physical memory, port I/O, PCI configuration) to user-mode tooling.

No CVE is assigned. It is on the list for the shape of the interface, not for a specific patched bug. The same primitives that let a firmware update happen are the ones a kernel-level attacker would want.

If you have a Toshiba laptop and ran a BIOS update at some point, the driver is expected as a leftover. If you are not on Toshiba hardware, you have no reason to have it; investigate what put it there. Microsoft's Vulnerable Driver Blocklist blocks the older signed builds from loading.

What the record shows

nchgbios2x64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “nchgbios2x64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/nchgbios2x64-sys