There have been critical security problems in Dell’s driver software for the past 12 years. These vulnerabilities have now been found and fixed with a patch.
Although the problems have been in the software for a very long time, they were only recently discovered by SentinelLabs’ researcher Kasif Dekel. He researched Dell’s DBUtil BIOS driver software, which is used for Dell’s desktop PCs as well as its laptops and tablets. The problems have existed since 2009. However, according to SentinelLabs, it does not appear that it has already been exploited.
There is a logic problem that arose during a denial of service. Two problems, to be specific, with corrupt memory and two security errors caused by insufficient validation of the input. The researchers say, “These multiple high severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges.”
Major bugs in Dell devices
The biggest problem is in the access control list requirements, where access can be controlled. These are not called when you make an I/O Control request. “Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused ‘by design’.”
Another bug was also critical: it allowed arbitrary operands to be used to execute IN/OUT instructions in kernel mode.
“Since IOPL (I/O privilege level) equals to CPL (current privilege level), it is obviously possible to interact with peripheral devices such as the HDD and GPU to either read/write directly to the disk or invoke DMA operations. For example, we could communicate with ATA port IO for directly writing to the disk, then overwrite a binary that is loaded by a privileged process.”
It is good that Dell took quick action. These vulnerabilities are in millions of devices around the world. Fortunately, it seems that this weakness has not been exploited, which Dell also claims. However, this could have happened for the last 12 years.