← back
CVE-2021-21551

CVE-2021-21551

CVSS 8.8 HIGHEPSS 57.5%● KEVCWE-782
In short

A flaw in Dell's dbutil_2_3.sys driver allows local users with account access to gain higher privileges, crash the system, or read sensitive data. This is dangerous because it lets ordinary users become administrators.

Technical detail

The dbutil_2_3.sys driver implements insufficient access control on privileged operations, allowing authenticated local users to escalate privileges, trigger denial of service conditions, or disclose kernel memory. Exploitation requires existing local authentication and interaction with the affected driver interface.

Summary generated and translated by AI from the official description.
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Dell · dbutil
public PoCs found15
githubgithub.com/waldo-irc/CVE-2021-21551235githubgithub.com/tijme/kernel-mii85githubgithub.com/mathisvickie/CVE-2021-2155159githubgithub.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-2155132githubgithub.com/nanabingies/CVE-2021-2155126githubgithub.com/ch3rn0byl/CVE-2021-2155124githubgithub.com/mzakocs/CVE-2021-21551-POC23githubgithub.com/arnaudluti/PS-CVE-2021-215511githubgithub.com/Eap2468/CVE-2021-215511githubgithub.com/IlanDudnik/CVE-2021-215510githubgithub.com/bengabay1994/cve-2021-21551-PoC0githubgithub.com/luke0x90/CVE-2021-215510exploitdbwww.exploit-db.com/exploits/49893unverifiedcve_referencepacketstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.htmlhttp://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability