Enlarge / At least three companies have reported the dbutil_2_3.sys security problems to Dell over the past two years. (credit: Blogtrepreneur via Flickr)
Yesterday, infosec research firm SentinelLabs revealed twelve year old flaws in Dell’s firmware updater, DBUtil 2.3. The vulnerable firmware updater has been installed by default on hundreds of millions of Dell systems since 2009.
The five high severity flaws SentinelLabs discovered and reported to Dell lurk in the dbutil_2_3.sys module, and have been rounded up under a single CVE tracking number, CVE-2021-21551. There are two memory corruption issues and two lack of input validation issues, all of which can lead to local privilege escalation, and a code logic issue which could lead to a denial of service.
A hypothetical attacker abusing these vulnerabilities can escalate the privileges of another process, or bypass security controls to write directly to system storage. This offers multiple routes to the ultimate goal of local kernel-level access—a step even higher than Administrator or “root” access—to the entire system.
