← All drivers
vulnerable
Driver

winiodrv.sys

WinIO direct port I/O library driver

From Yariv Kaplan (open source)
Status
On a known-vulnerable list
Known variants
3 distinct hashes
Field notes

winiodrv.sys is the kernel driver for WinIO, an open-source library that allows user-mode applications to perform direct I/O port operations on Windows. Like WinRing0, it is embedded by many small third-party hardware utilities, LED controllers, and custom tools.

Its presence on the LOLDrivers list reflects its design: any caller on the system gets direct port access. Identify which utility installed it and check for updates.

What the record shows

winiodrv.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 3 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “winiodrv.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/winiodrv-sys