BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

Computer maker Dell has issued an update to address multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition.

The flaws, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named “dbutil_2_3.sys” that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets produced by the company are said to be vulnerable.


“Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required,” Dell said in an advisory.

All five separate flaws have been assigned a single CVE identifier, CVE-2021-21551, with a CVSS score of 8.8. A breakdown of the flaws is as follows –

  • CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
  • CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
  • CVE-2021-21551: Denial Of Service – Code logic issue

“The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode,” SentinelOne Senior Security Researcher Kasif Dekel noted in a Tuesday analysis. “Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.”

Since these are local privilege escalation bugs, they are unlikely to be exploited remotely over the internet. To carry out an attack, an adversary would first need to have gained access to a non-administrator account on a vulnerable system, after which the driver vulnerability can be abused to obtain local elevation of privilege. Armed with this access, the attacker can then leverage other techniques to execute arbitrary code and move laterally across an organization’s network.
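Because the vulnerable component is a named driver file, the first thing a defender wants is an inventory check: is dbutil_2_3.sys registered as a kernel driver or lying on disk on this machine? The following PowerShell script is an added example, not code from the article, SentinelOne or Dell; the temp-directory search locations are an assumption, as the article does not state where the driver is placed.

```powershell
# Added example (not from the article, SentinelOne or Dell): inventory check for
# the Dell firmware-update driver dbutil_2_3.sys named in the advisory.
# Assumption: the driver file is typically dropped in the Windows temp directory
# or a user's AppData\Local\Temp; these paths are assumed, not stated in the article.

$driverName = 'dbutil_2_3.sys'

# 1. Is the driver currently registered or loaded as a kernel-mode service?
$loaded = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$driverName*") }

# 2. Are copies of the file present on disk in the assumed temp locations?
$searchRoots = @("$env:SystemRoot\Temp") +
    (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })

$onDisk = foreach ($root in $searchRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue
    }
}

# 3. Report findings; the SHA-256 lets each copy be compared against a vendor-published list.
if ($loaded) {
    Write-Output "Driver service(s) referencing ${driverName}:"
    $loaded | Select-Object Name, State, PathName | Format-Table -AutoSize
}
if ($onDisk) {
    Write-Output "Copies found on disk:"
    $onDisk | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize
}
if (-not $loaded -and -not $onDisk) {
    Write-Output "No trace of $driverName found in the checked locations."
}
```

Run it from an elevated PowerShell session so all user profiles are readable; a hit means the vendor-supplied remediation should be applied and the file removed.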

While no evidence of in-the-wild abuse has been detected, SentinelOne said it plans to release the proof-of-concept (PoC) code on June 1, 2021, giving Dell customers ample time to remediate the vulnerability.

SentinelOne’s disclosure is the third time the same issue has been reported to Dell over the last two years, according to CrowdStrike’s Chief Architect Alex Ionescu, first by the Sunnyvale-based cybersecurity firm in 2019 and again by IOActive. Dell also credited Scott Noone of OSR Open Systems Resources with reporting the vulnerability.
