Researchers discovered five vulnerabilities in DBUtil, a BIOS firmware update component shipped in the firmware update packages for Dell devices running Windows.
- The component – the dbutil_2_3.sys module – is installed and loaded on demand when the firmware update process is initiated, and is unloaded after a system reboot.
- The cause of the flaws, collectively tracked as CVE-2021-21551 and assigned a score of 8.8, is insufficient access control, which could enable a threat actor to escalate privileges to kernel mode, trigger a denial of service, or disclose information.
- Dell issued an advisory with technical details and remediation steps to patch the flaws.
- We recommend removing or otherwise remediating the vulnerable driver before June 1, when a proof-of-concept for these vulnerabilities is scheduled for release.
- Follow the remediation steps in Dell’s advisory to patch the flaws and run a remediated firmware update utility package.
- Since Dell’s driver accepts system calls from non-privileged users, malicious actors could exploit unpatched devices as part of an attack chain to gain persistence.
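The remediation steps above amount to two checks on each Windows host: is a copy of dbutil_2_3.sys present, and is a driver service still loaded that could expose it to non-privileged users. The following PowerShell script is an added example for carrying out that inventory, not code from the original article or from Dell's advisory. It assumes (these are not stated on the page) that the update utility drops the driver into a Temp directory or the system drivers folder, and that any registered kernel service for it has "dbutil" in its name or points at the file; adjust the search roots to match the paths in Dell's advisory.

```powershell
<#
  Inventory and optional cleanup of dbutil_2_3.sys (CVE-2021-21551) on a Windows host.
  Added example; not from the original article or from Dell's advisory.
  Assumed (not from the page): the driver lands in a Temp folder or the drivers
  folder, and its kernel service name contains "dbutil". Run from an elevated session.
#>
[CmdletBinding()]
param(
    [switch]$Remove   # delete copies of the driver file that are not currently loaded
)

$driverName = 'dbutil_2_3.sys'

# Assumed search roots: system temp, the drivers folder, and every profile's local temp.
$roots = @("$env:SystemRoot\Temp", "$env:SystemRoot\System32\drivers")
$roots += Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
          ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

$found = foreach ($root in $roots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue
    }
}

# Any kernel driver service registered for this module? (service-name pattern is an assumption)
$services = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like '*dbutil*' -or $_.PathName -like "*$driverName*" }

foreach ($s in $services) {
    Write-Warning ("Driver service '{0}' state={1} path={2}" -f $s.Name, $s.State, $s.PathName)
}
if ($services | Where-Object { $_.State -eq 'Running' }) {
    Write-Warning 'The driver is loaded; the flaws are reachable until the service is removed and the host rebooted.'
}

if (-not $found) {
    Write-Output "No $driverName found under the searched roots."
    return
}

foreach ($f in $found) {
    # Record a hash and the Authenticode signer so copies can be correlated across the fleet
    # and compared against the hashes listed in Dell's advisory.
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    Write-Output ("{0}  sha256={1}  signer={2}  status={3}" -f `
        $f.FullName, $hash, $sig.SignerCertificate.Subject, $sig.Status)

    if ($Remove) {
        if ($services | Where-Object { $_.State -eq 'Running' }) {
            Write-Warning "Driver still loaded; not deleting $($f.FullName) until after a reboot."
        } else {
            Remove-Item -Path $f.FullName -Force
            Write-Output "Removed $($f.FullName)"
        }
    }
}
```

Run it once without -Remove to collect the file locations, hashes and service state for every host; after applying Dell's remediated update utility, run it again with -Remove and reboot so that any previously loaded instance is gone. The hash column is what you feed to your EDR or SIEM to confirm no other copies remain.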