← All drivers
vulnerable
Driver

wdtkernel.sys

Dell Watchdog Timer driver

From Dell Technologies
Part of the Dell family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Field notes

wdtkernel.sys is a kernel driver from Dell for watchdog timer management, distributed through the Microsoft Update Catalog. Despite being WHQL-signed as recently as September 2024, it exposes IOCTLs for arbitrary physical memory read/write and direct I/O port access.

It is on the public LOLDrivers list because those primitives make it usable as a BYOVD target. The driver illustrates that WHQL signing does not mean a driver is safe from abuse: the Windows Hardware Quality Labs program validates compatibility, not the security implications of the IOCTL surface.

If you have a Dell system, the driver may be expected. Check Dell's support site for an updated version.

What the record shows

wdtkernel.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the Dell family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “wdtkernel.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/wdtkernel-sys