Dell has been manufacturing laptops, desktops, and enterprise-level devices for several decades. Throughout the period, the company has updated and released multiple hardware drivers. According to the latest cybersecurity reports, however, multiple vulnerabilities have been found in one of the standard Dell drivers.
Dell driver security vulnerabilities
Dell has been pushing this driver software for more than 12 years, and the vulnerabilities can affect several millions of devices easily. It is worth noting that the said driver has been released to almost all devices since it has to do with the BIOS update process.
According to cybersecurity experts, the vulnerabilities vary in terms of risk. While some of them can be used for local elevation of privileges, others are the potential channels for Denial of Service. Collectively, the bugs are being called CVE-2021-21551.
However, Kasif Dekel, a security expert from the company SentinelOne, adds that the threat cannot be considered deadly. To make use of the vulnerability, an attacker must have access to a Dell in the first place. It means only an infected system is subject to any exploit using the CVE-2021-21551 flaw.
Nevertheless, talking in terms of numbers, especially given that any system could be compromised, the flaw can impact millions of desktops, laptops, tablet PCs, and other devices from Dell.
Kasif Dekel discovered the issue, and the crucial information regarding the exploit has been provided to Dell. However, the cybersecurity expert added that Dell is yet to pull the license of the problematic driver even though the company has prepared a security advisory. As a part of the advisory, Dell will develop and roll out a driver that does not entail the problem.
However, since the process may take a while, an attacker could use the exploit. The expert who found the issue has not yet published complete information about the flaw. Instead, he has given Dell time till the 1st of June 2021 to deal with the matter. After that, Dekel may share a full proof-of-exploit.