Dell's firmware update driver has harbored severe security bugs for over a decade, according to researchers
The security research group SentinelLabs claims to have discovered potentially dangerous bugs in a common Dell driver that, it says, have potentially "far reaching and significant" ramifications for hundreds of millions of individual and enterprise users with PCs from the OEM worldwide.
The lab asserts that the vulnerabilities are found in the Dell firmware update driver module v2.3 (dbutil_2_3.sys), which has been active on the company's machines since 2009. There are apparently 5 of these flaws, 4 of which are local privilege escalations (LPEs) and 1 a denial-of-service (DoS) bug.
Of the LPEs, 2 are described as arising from memory corruption and 2 from input validation deficiencies. According to SentinelLabs, they may open various entry points for non-privileged users, one of the more prominent of which is the ability to issue input/output control (IOCTL) requests without reference to an access-control list (ACL).
This license to override ACLs (a set of rules intended to restrict access to privileged users only) might allow a malicious actor to create read/write vulnerabilities, or interact with components such as GPUs or hard drives. The 5 bugs are now known collectively as CVE-2021-21551, which holds a severity rating of 8.8 out of 10.
Then again, SentinelLabs also notes it has no record of the flaws ever having been exploited (perhaps we would have heard of them sooner had this occurred). It apprised Dell of the situation long before publishing its research, resulting in the Security Advisory DSA-2021-088 being pushed to all PCs running the affected driver.
However, the security team finds the measure unsatisfactory, claiming that its "certificate was not yet revoked (at the time of writing)". Nevertheless, installing the new fixed driver found in the recent DSA is advised to best protect against the potential security issues.
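To confirm whether the old driver is still present after applying the advisory, an administrator can inventory copies of dbutil_2_3.sys and check whether a driver service still points at it. The PowerShell below is an added example, not code from Dell or SentinelLabs; the default search root (the whole system drive) and the function names are assumptions, since the article does not say where the file is stored.

```powershell
# Added example: inventory copies of the driver file named in the article.
# Assumption: the search root defaults to the system drive (slow but complete);
# the article does not say where the file lives, so pass -SearchRoot to narrow it.
param(
    [string[]]$SearchRoot = @("$env:SystemDrive\"),
    [string]$DriverFile = 'dbutil_2_3.sys'
)

# Hypothetical helper: list every copy of the file with its hash and signature state.
function Find-DriverCopy {
    param([string[]]$Root, [string]$Name)
    foreach ($r in $Root) {
        Get-ChildItem -LiteralPath $r -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    Path            = $_.FullName
                    LastWriteUtc    = $_.LastWriteTimeUtc
                    SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    # 'Valid' means the signature still verifies on this host.
                    SignatureStatus = $sig.Status
                    Signer          = $sig.SignerCertificate.Subject
                }
            }
    }
}

# Hypothetical helper: list kernel driver services whose image path ends in the file name.
function Get-DriverService {
    param([string]$Name)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$Name" } |
        Select-Object Name, State, StartMode, PathName
}

$files    = @(Find-DriverCopy -Root $SearchRoot -Name $DriverFile)
$services = @(Get-DriverService -Name $DriverFile)

if ($files.Count -eq 0 -and $services.Count -eq 0) {
    Write-Output "No copy of $DriverFile found and no driver service references it."
} else {
    Write-Output "Copies of $DriverFile on disk: $($files.Count)"
    $files | Format-List
    Write-Output "Driver services referencing ${DriverFile}: $($services.Count)"
    $services | Format-List
}
```

Run it from an elevated prompt so that directories belonging to other users can be read; a copy that still reports a valid signature is one Windows will still accept, which is the concern SentinelLabs raises about the certificate.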