Yesterday, infosec research firm SentinelLabs disclosed 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3. The vulnerable firmware updater has been installed by default on hundreds of millions of Dell systems since 2009.
The five high-severity flaws SentinelLabs found and reported to Dell lurk in the dbutil_2_3.sys module, and they have been rounded up under a single CVE tracking number, CVE-2021-21551. There are two memory-corruption issues and two lack-of-input-validation issues, all of which can lead to local privilege escalation, plus one code-logic issue which can lead to a denial of service.
A hypothetical attacker abusing these vulnerabilities could escalate the privileges of another process or bypass security controls to write directly to system storage. This provides several routes to the ultimate goal of local kernel-level access—a step even higher than Administrator or “root” access—to the entire system.
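As an added example, not part of the article and not code from SentinelLabs or Dell, the following PowerShell inventories a single Windows host for the dbutil_2_3.sys module named above, so a defender can tell whether the vulnerable updater is present on a machine. The decision to walk the whole system drive and to query Win32_SystemDriver is my assumption; the article gives no file paths or hashes, so none are hard-coded here.

```powershell
# Added example (not from the article, SentinelLabs or Dell): inventory one Windows
# host for the dbutil_2_3.sys driver. Run from an elevated prompt so that every
# directory and the driver list are readable.

$driverName = 'dbutil_2_3.sys'

# 1. Is a driver by that name registered or currently running as a kernel service?
#    Win32_SystemDriver exposes Name, State and PathName for each kernel driver.
$loaded = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" -or $_.Name -like 'dbutil*' }

# 2. Are copies of the file on disk? Walking the whole system drive is slower than
#    checking known drop folders (assumption: the updater writes to temp folders),
#    but it does not depend on that assumption being right.
$files = Get-ChildItem -Path "$env:SystemDrive\" -Filter $driverName -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            Modified = $_.LastWriteTimeUtc
            # SHA256 lets a fleet-wide collector group identical binaries together.
            SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# 3. Emit one JSON record per host; a central collector can aggregate these.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    DriverLoaded  = [bool]$loaded
    LoadedDetails = @($loaded | Select-Object Name, State, PathName)
    FileCopies    = @($files)
} | ConvertTo-Json -Depth 4
```

A host with `DriverLoaded` set to true or with any entry under `FileCopies` has the vulnerable module present and is the one to follow up on; an empty record means neither the file nor a loaded driver by that name was found under the assumptions above.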