Dell has addressed vulnerabilities in its BIOS driver software used across its desktop and laptop PCs, notebooks, and tablet products. The vulnerable driver, dbutil_2_3.sys, is used in firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags to update drivers, BIOS, and firmware for Dell products.

Note that the vulnerability does not affect the actual firmware updates that the above utilities deliver. Rather, the vulnerability exists in the dbutil_2_3.sys driver that is packaged with the firmware update utility. The driver was discovered to have been vulnerable since 2009. However, there are no signs of exploitation in the wild. This indicates that Dell products that have reached their end of service life may have been affected by the flaws.

______________________________

A. Nature of the Vulnerabilities

Description of the vulnerabilities:

  • CVE-2021-21551, a collection of five flaws in the Dell dbutil_2_3.sys driver which may allow locally authenticated attackers to achieve privilege escalation, denial of service, or information disclosure.

______________________________

B. List of Vulnerable Systems

The following platforms and software are impacted by the vulnerable driver:

  • Alienware
  • ChenMing
  • Dell Canvas
  • Dell Docking Station
  • Dell Embedded Box PC
  • Dell G Series
  • Dell Inspiron
  • Dell Latitude
  • Dell OptiPlex
  • Dell Precision
  • Dell Vostro
  • Dell Wyse
  • Dell XPS

(Note: The above list contains Dell platforms that are affected by the vulnerable driver. The list contains both the platforms that are still supported by Dell and those that have reached their end of service life. For further information, refer to the full list provided by Dell.)

______________________________

C. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Users are urged to remove the dbutil_2_3.sys driver from their system by following one of the three options:
    1. Download and run the Dell Security Advisory Update – DSA-2021-088 utility.
    2. Manually remove the vulnerable dbutil_2_3.sys driver:
      • Check the following locations for the dbutil_2_3.sys driver file:
        • C:\Users\<username>\AppData\Local\Temp
        • C:\Windows\Temp
      • Delete the dbutil_2_3.sys file using the [SHIFT] + [DELETE] keys to permanently remove it.
    3. For users using one of the Dell notification solutions:
      • If configured to automatically notify, download, and apply updates, the utility automatically downloads and applies the update to the system.
      • If not configured, users must run “Check for Updates”, then select and apply the Dell Security Advisory Update – DSA-2021-088.
  • After the deletion of the vulnerable driver, Dell users are urged to update their systems via the firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.
  • For additional information regarding the issue, kindly refer to the official Advisory of Dell (https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability)
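
The manual check in option 2 above, as an added PowerShell example (not code from Dell or CERT-PH): it looks for dbutil_2_3.sys in C:\Windows\Temp and in each profile's AppData\Local\Temp, reports the file's hash and signer, and deletes it only when run with -Remove. The -Remove switch name and the assumption that user profiles live under C:\Users are choices made for this example.

```powershell
# Added example, not Dell's or CERT-PH's code. Run from an elevated prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove  # assumed switch name: delete the files that are found
)

$driverName = 'dbutil_2_3.sys'

# The two locations named in the advisory: C:\Windows\Temp and, for each
# profile under C:\Users (assumed profile root), AppData\Local\Temp.
$searchRoots = @(Join-Path $env:SystemRoot 'Temp')
$searchRoots += Get-ChildItem -LiteralPath (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

# A driver service that still points at the file means it may be loaded and locked.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -like "*$driverName" })

$results = foreach ($root in $searchRoots) {
    $file = Join-Path $root $driverName
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

    # Record hash and signer before deleting so the finding can be logged.
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file
    $removed = $false
    if ($Remove -and $PSCmdlet.ShouldProcess($file, 'Permanently delete')) {
        try {
            # Remove-Item bypasses the Recycle Bin, like [SHIFT] + [DELETE].
            Remove-Item -LiteralPath $file -Force -ErrorAction Stop
            $removed = $true
        } catch {
            Write-Warning "Could not delete ${file}: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Path          = $file
        SHA256        = $hash
        Signer        = $sig.SignerCertificate.Subject
        DriverService = ($services | ForEach-Object { "$($_.Name) ($($_.State))" }) -join ', '
        Removed       = $removed
    }
}

if ($results) { $results | Format-List } else { "No $driverName found in the checked locations." }
```

Running it without -Remove only reports findings; because the script declares SupportsShouldProcess, -Remove -WhatIf shows what would be deleted without deleting it.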