The vulnerabilities were found by security shop SentinelLabs, which said in a blog post that they could be used for local escalation to kernel mode.
The affected drivers are present in millions of Windows devices that have been released by Dell since 2009, SentinelOne, the research unit of the security firm, said in the post, which was issued on Tuesday.
Dekel said in an advisory that the driver in question had come to his notice because of the use of Process Hacker, which generates a pop-up whenever a service is created or deleted.
He said Dell had issued a single CVE to cover all the vulnerabilities, but that it could be broken down into its components:
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
While SentinelOne had developed proof-of-concept code, Dekel said this would not be published until 1 June in order to give Dell users time to update their systems.
He provided technical details of the vulnerabilities in his blog post.
Satnam Narang, staff research engineer at security outfit Tenable, said the vulnerabilities comprised two memory corruption flaws, two lack-of-input-validation flaws and a code logic flaw.
"The flaws reside in DBUtil, which is the firmware update driver of the Dell BIOS Utility, pre-installed on most Dell machines with Windows," he added.
Narang said the vulnerabilities could be exploited when an attacker ran a specially crafted executable on a system with a vulnerable version of the firmware update driver of the Dell BIOS Utility.
"An attacker may be able to find themselves on a vulnerable system using a variety of tactics, but they are typically limited in what they can accomplish due to the existing permissions of the user," he explained.
"Therefore, a vulnerability such as this could be really useful for an attacker looking to elevate their privileges in order to do more damage, such as bypassing the built-in protections that prevent them from arbitrarily writing to the disk.
"Although Dell has released a patch for the vulnerable driver, the certificate used to sign the vulnerable driver has not yet been revoked.
"This means an attacker could still potentially leverage these vulnerabilities by BYOVD, or bringing your own vulnerable driver onto a system. Once the certificate has been revoked, the vulnerable driver will no longer be trusted and cannot be used by an attacker.
"Organisations should work to identify vulnerable assets within their environment and ensure they are patched in a timely manner, as it won't be hard for attackers to figure out just how they can exploit these flaws."
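One way to carry out the asset identification Narang recommends is the PowerShell inventory below. It is an added example, not code from SentinelLabs, Dell or Tenable. The file-name pattern (derived from the driver name DBUtil) and the search directories are assumptions; adjust both to match the vendor advisory.

```powershell
# Added example: inventory candidate copies of the Dell DBUtil driver on one host.
# Assumptions (not from the article): the name pattern and the search roots.
$NamePattern = 'dbutil*.sys'
$SearchRoots = @(
    "$env:windir\System32\drivers",
    "$env:windir\Temp",
    "$env:SystemDrive\Users\*\AppData\Local\Temp"
)

# 1. Kernel driver services registered on the host (running or stopped).
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # Strip the NT object-manager prefix (\??\) some image paths carry.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        if ($path -like "*\$NamePattern") {
            [pscustomobject]@{ Source = "service:$($_.Name) [$($_.State)]"; Path = $path }
        }
    }

# 2. Copies on disk, whether or not a service references them.
$onDisk = Get-ChildItem -Path $SearchRoots -Filter $NamePattern -File -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Source = 'file'; Path = $_.FullName } }

# 3. One row per unique path, with hash and Authenticode details.
@($registered) + @($onDisk) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_.Path) } |
    Group-Object -Property Path |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Name
        [pscustomobject]@{
            Path            = $_.Name
            Sources         = ($_.Group.Source | Sort-Object -Unique) -join ', '
            SHA256          = (Get-FileHash -LiteralPath $_.Name -Algorithm SHA256).Hash
            # 'Valid' only means the signature verifies. While the signing
            # certificate is unrevoked, a vulnerable copy also reports Valid.
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
        }
    }
```

Compare the reported hashes and file versions against the vendor advisory to decide which hosts still need the patch; the script only lists candidates and does not judge them.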