Security News > 2021 > May > Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
2021-05-04 16:07

Five high-severity security flaws in Dell's firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said.

The multiple local privilege-escalation bugs exist in the firmware update driver version 2.3 module, which has been in use since 2009.

The driver component handles Dell firmware updates via the Dell BIOS Utility, and it comes pre-installed on most Dell machines running Windows.

"Hundreds of millions of Dell devices have updates pushed on a regular basis, for both consumer and enterprise systems," according to SentinelLabs researchers, writing in a Tuesday blog posting.

SentinelLabs also highlighted the issue in the driver that's at the heart of LPEs No. 3 and 4: It's possible to run in/out instructions in kernel mode with arbitrary operands, i.e., instructions that specify what data is to be manipulated or operated on.

Dell has issued patches, available in Dell Security Advisory DSA-2021-088.


News URL

https://threatpost.com/dell-kernel-privilege-bugs/165843/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005