Published May 5, 2021
Author: Ash Khan

Five different defects in Dell’s DBUtil BIOS driver have been discovered.

After a security researcher discovered that the driver in question could be abused by an attacker to gain increased system privileges, Dell has released a patch that addresses multiple vulnerabilities in its DBUtil BIOS driver.

SentinelLabs security researcher Kasif Dekel discovered the vulnerable driver, and the team informed the PC giant of its findings in December of last year. The driver has been vulnerable since 2009, according to the US-based cybersecurity firm, though there is no evidence that its flaws have been exploited in the wild at this time.

The DBUtil BIOS driver is pre-installed on many Dell Windows laptops and desktops and is in charge of Dell Firmware Updates via the Dell BIOS Utility. It is estimated that the vulnerable driver was distributed to hundreds of millions of devices by the company via BIOS updates.

There are five distinct flaws.

Dekel discovered a collection of five flaws in the DBUtil driver, currently tracked as CVE-2021-21551 by Dell, that can be exploited to “escalate privileges from non-administrator users to kernel mode privileges.”

Two of the five flaws discovered in Dell’s driver are memory corruption issues, two are security failures caused by a lack of input validation, and one is a logic flaw that could potentially be exploited to cause a denial-of-service.

In addition to discovering these flaws, Dekel has developed Proof-of-Concept (PoC) code, which he plans to release on June 1 to allow Dell users time to apply the company’s patch.

Dekel explained SentinelLabs' decision to make its research public in a new blog post, saying:

“While we have not seen any evidence that these vulnerabilities have been exploited in the wild as of yet, with hundreds of millions of enterprises and users currently vulnerable, it is unavoidable that attackers will seek out those who do not take the necessary precautions. Our motivation for publishing this research is to assist not only our customers, but also the community, in understanding the risk and taking appropriate precautions.”

Users should review Dell’s latest advisory and FAQ document, which contain remediation instructions for these flaws. Users should, as Dekel mentioned, install Dell’s updated DBUtil driver as soon as possible to avoid falling victim to any potential attacks attempting to exploit these security flaws.
