Hundreds of millions of Dell computers are affected by a 12-year-old vulnerability in version 2.3 of the Dell BIOS driver.
The flaw could lead to increased privileges on the system and was discovered by researchers from SentinelLabs.
It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.
A collection of five flaws, collectively tracked as CVE-2021-21551, was discovered in DBUtil, a driver that Dell machines install and load during the BIOS update process and unload at the next reboot.
Kasif Dekel, a security researcher at SentinelOne, found that it can be exploited “to escalate privileges from a non-administrator user to kernel mode privileges.”
An attacker running with this level of permissions would have unrestricted access to all hardware available on the system, including referencing any memory address.
This type of vulnerability is not considered critical because it requires an attacker to compromise the computer beforehand. But it permits threat actors and malware to gain persistence on the infected system.
The five flaws, most of them leading to privilege escalation and one code logic issue that leads to denial of service, are:
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
The researcher plans to share proof-of-concept exploit code on June 1st.
Dell has prepared a security advisory for this vulnerability. The remedy is a fixed driver, but as of now the company has not revoked the certificate for the vulnerable driver, which means that an adversary on the network can still use it in an attack.
So far, there are no indicators of these vulnerabilities being exploited in the wild.