
Attention Dell users! This security flaw can expose your data
What's the story
Cybersecurity experts from Cisco Talos have discovered a critical vulnerability in Dell's ControlVault3 and ControlVault3+ firmware. The flaw, dubbed ReVault, also impacts their respective Windows APIs. The issue could let hackers bypass the Windows logon screen, seize system privileges, and gain persistent access to the device, even after an OS reinstall.
Security module
What is ControlVault and which devices are affected?
ControlVault is a hardware-based security module that safely stores passwords, biometric templates, and security codes on a dedicated daughter board called the Unified Security Hub (USH). This system is commonly found in Dell Latitude, Precision, and Rugged laptops used by enterprises and government agencies. The affected devices use either ControlVault3 or ControlVault3+ modules powered by the Broadcom Secure Controller chip.
Impacted devices
Over 100 Dell Latitude and Precision laptops at risk
Dell has confirmed that over 100 actively supported laptop models are at risk from this vulnerability. The list includes various Latitude and Precision series laptops, such as Latitude 5440, 5450, 5500, and others. If your Dell laptop is one of these models, or any other business-centric Latitude/Precision series, it may be vulnerable unless updated.
Vulnerabilities
Vulnerabilities could allow code execution, data leaks, and more
Cisco Talos has found five major vulnerabilities in Dell's firmware: multiple out-of-bounds flaws, an arbitrary free issue, a stack overflow, and unsafe deserialization in ControlVault's Windows APIs. These flaws can be exploited to execute arbitrary code within the firmware, leak secure data, implant malicious firmware, and bypass login protections. A non-administrative Windows user could exploit these APIs to inject code into the ControlVault firmware.
Mitigation steps
Update firmware immediately to mitigate risks
To reduce the risk of exploitation, Cisco Talos and Dell recommend that users update their firmware immediately. For ControlVault3, the version should be 5.15.10.14 or later; for ControlVault3+, it should be upgraded to version 6.2.26.36 or later. These updates are available via Windows Update and Dell's support website. As additional precautions, users are also advised to disable unused security peripherals and to limit biometric use in high-risk environments.
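For fleet administrators, the practical question is which machines still report a firmware version below the fixed releases named above. The following script is an added example, not code from Dell, Cisco Talos, or the article: it compares dotted firmware version strings numerically (so 5.15.9.2 sorts below 5.15.10.14, which a plain string comparison would get wrong) and triages a small inventory. The CSV layout (hostname, module, firmware_version), the hostnames, and the version values are constructed for illustration; the only real numbers are the two minimum fixed versions quoted from the advisory.

```python
"""Triage Dell ControlVault firmware versions against the fixed releases
named in the ReVault advisory (ControlVault3 >= 5.15.10.14,
ControlVault3+ >= 6.2.26.36). Inventory format and sample rows are
constructed for this example and are not a Dell or Cisco Talos format."""
import csv
import io
from typing import Optional, Tuple

# Minimum fixed firmware versions, as stated in the advisory text.
MIN_FIXED_VERSION = {
    "ControlVault3": "5.15.10.14",
    "ControlVault3+": "6.2.26.36",
}


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '5.15.10.14' into (5, 15, 10, 14); None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def version_at_least(found: str, required: str) -> Optional[bool]:
    """True if found >= required, comparing field by field as integers.

    Shorter strings are zero-padded so '5.15' is treated as '5.15.0.0'.
    Returns None when either side cannot be parsed, so callers can keep
    'unparseable' separate from 'vulnerable' instead of silently passing."""
    a, b = parse_version(found), parse_version(required)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return a >= b


def assess(module: str, firmware: str) -> str:
    """Classify one device as patched, vulnerable, unknown-module or unparseable."""
    required = MIN_FIXED_VERSION.get(module)
    if required is None:
        return "unknown-module"
    result = version_at_least(firmware, required)
    if result is None:
        return "unparseable"
    return "patched" if result else "vulnerable"


# Constructed inventory export (hypothetical hosts and values).
INVENTORY_CSV = """hostname,module,firmware_version
lat-01,ControlVault3,5.15.10.14
lat-02,ControlVault3,5.15.9.2
prec-03,ControlVault3+,6.2.26.36
prec-04,ControlVault3+,6.2.25.99
rugged-05,ControlVault3+,n/a
desk-06,TPM,2.0
"""


def triage(csv_text: str) -> dict:
    """Group hostnames by assessment so the vulnerable list can feed a patch job."""
    buckets = {"patched": [], "vulnerable": [], "unknown-module": [], "unparseable": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[assess(row["module"], row["firmware_version"])].append(row["hostname"])
    return buckets


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY_CSV).items():
        print(f"{status:15} {', '.join(hosts) or '-'}")
```

Devices whose module name is not recognised or whose version string does not parse are reported separately rather than counted as patched; a check that quietly passes on bad data is worse than one that flags it for a manual look.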