Older Dell users should be aware of a vulnerable driver that has been pushed out to consumer and enterprise computers for the last 12 years. The multiple vulnerabilities could lead to privilege escalation. Millions of Dell desktops, laptops and tablets received the vulnerable driver through BIOS updates.
The 5 vulnerabilities tracked as CVE-2021-21551 discovered in DBUtil, a driver that Dell machines install and load during the BIOS update process, unloaded at the next reboot.
The Impact:
Once exploited, the kernel driver allows local privilege escalation from a regular user to kernel mode privileges, giving full power over the machine’s hardware, including referencing and memory addresses. This attack has not been observed in the wild, says Sentinel One, however they warn this is likely to change.
The vulnerability is not critical, as it requires the machine to be compromised already (albeit with low-level privileges only). However, infections by malware and the presence of another vulnerability increase the likelihood of exploitation.
The Remediation:
A patch exists for the vulnerable dell drivers, and users urge to update immediately. Dell has not revoked the certificate for the vulnerable driver, meaning this vulnerability can only be mitigated by patching at the time.
See the Dell advisory for more information.
Source: Bleeping Computer