Hundreds of millions of Dell PCs worldwide are affected by BIOS privilege-escalation bugs. The company has issued an update to fix a set of vulnerabilities in a driver it has shipped since 2009 that went undetected until now.
An attacker with local access could exploit these vulnerabilities to gain kernel-mode privileges or to cause a denial-of-service condition.
SentinelOne, a security research company, reported the vulnerabilities to Dell on December 1, 2020. They reside in a firmware update driver called "dbutil_2_3.sys", which is installed on Dell Windows systems by Dell's BIOS and firmware update utilities, potentially leaving hundreds of millions of desktops, laptops, notebooks, and tablets exposed.
Dell's advisory (DSA-2021-088) describes the issue in the same terms: "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Local authenticated user access is required."
All five reported flaws have been assigned a single CVE identifier, CVE-2021-21551, with a CVSS score of 8.8. Below is a breakdown of the shortcomings:
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
According to Kasif Dekel, SentinelOne Senior Security Researcher, the high-severity flaws can allow any user on the computer, with or without privileges, to escalate their privileges and run code in kernel mode. The other obvious abuse of such vulnerabilities is that they could be used to bypass security products.
These are local privilege escalation bugs, which means they are unlikely to be exploited remotely over the internet. An attacker first needs a foothold in a non-administrator account on a vulnerable system. From there, the driver's vulnerabilities can be abused to gain local elevation of privilege; armed with kernel-mode access, the attacker can execute arbitrary code, disable security products, and move laterally across an organization's network.
Although no real-world abuse of the vulnerabilities has been reported, SentinelOne will release proof-of-concept (PoC) code on June 1, 2021. This gives Dell customers time to remediate the vulnerability before exploit code is public.
Dell has been informed about the vulnerabilities three times over the last two years: a Sunnyvale-based cybersecurity firm reported them in 2019, and IOActive reported them later. Dell also credited Scott Noone of OSR Open Systems Resources with reporting the vulnerability.
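Remediation is not only a matter of installing Dell's updated utilities: the vulnerable driver file is left on disk in the Temp directories the update tools used, and a copy that is already loaded keeps exposing its device object until the machine reboots. The following script is an added example written for this article (it is not Dell's or SentinelOne's code) that reports and optionally deletes on-disk copies of dbutil_2_3.sys and flags a still-loaded instance. It assumes the per-user and system Temp directories Dell's advisory names for manual removal, and matches the service loosely on "dbutil" rather than relying on an exact service name; run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the original article or of Dell's tooling.
# Finds dbutil_2_3.sys on disk and reports whether a dbutil driver is loaded.
# Assumptions: the driver is dropped into C:\Windows\Temp and each user's
# AppData\Local\Temp (the paths Dell's advisory lists for manual deletion);
# the kernel service name contains 'dbutil'.
param(
    [switch]$Remove   # only delete files when explicitly requested
)

$driverName = 'dbutil_2_3.sys'

# 1. On-disk copies: system Temp plus every user profile's local Temp.
$candidates = @("$env:SystemRoot\Temp\$driverName")
$userDirs = Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue
foreach ($userDir in $userDirs) {
    $candidates += Join-Path $userDir.FullName "AppData\Local\Temp\$driverName"
}

$found = @($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
foreach ($path in $found) {
    # Record the hash before deletion so the finding can be matched to the
    # vendor's published indicators later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output "FOUND   $path  SHA256=$hash"
    if ($Remove) {
        Remove-Item -LiteralPath $path -Force
        Write-Output "REMOVED $path"
    }
}
if ($found.Count -eq 0) {
    Write-Output "No $driverName found in the expected Temp locations."
}

# 2. Loaded instance: deleting the file does not unload a running driver,
#    so a loaded service still exposes the vulnerable IOCTL interface.
$loaded = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like '*dbutil*' -or $_.PathName -like '*dbutil*' })
foreach ($svc in $loaded) {
    Write-Output "LOADED  service=$($svc.Name) state=$($svc.State) path=$($svc.PathName)"
}
if ($loaded.Count -gt 0 -and $Remove) {
    Write-Warning 'A dbutil driver is still loaded; reboot after removal so the device object goes away.'
}
```

Run it without arguments to audit a host, and with `-Remove` to delete the on-disk copies; pair it with the updated Dell utilities so the next firmware update does not simply drop the vulnerable driver back into Temp.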