However, it allows threat actors and malware to gain persistence on the infected system.Īlthough there is a single tracking number, Dekel says that there are five separate flaws, most of them leading to privilege escalation and one code logic issue that leads to denial of service. This type of vulnerability is not considered critical because an attacker exploiting it needs to have compromised the computer beforehand. Looking closer at the DBUtil driver, Kasif Dekel, a security researcher at cybersecurity company SentinelOne, found that it can be exploited “to escalate privileges from a non-administrator user to kernel mode privileges.”Ĭode from an attacker running with this level of permissions would have unrestricted access to all hardware available on the system, including referencing any memory address.
Five flaws in oneĪ collection of five flaws, collectively tracked as CVE-2021-21551, have been discovered in DBUtil, a driver from that Dell machines install and load during the BIOS update process and is unloaded at the next reboot.
It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates. A driver that’s been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system.