Dell ControlVault3 Out-of-Bounds Read and Write Vulnerabilities in WBDI Driver Storage Adapter
Vulnerability
Multiple out-of-bounds read and write vulnerabilities have been identified in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3, in versions prior to 5.15.14.19, and Dell ControlVault3 Plus, in versions prior to 6.2.36.47. An attacker can trigger the issue by issuing a WinBioControlUnit call. The root cause is that the Storage Adapter fails to properly validate the buffer sizes supplied in WinBioControlUnit calls, which allows out-of-bounds memory access, memory corruption, and potential exploitation.
Impact
Exploitation of these vulnerabilities can cause memory corruption in the WinBio Service, which can lead to a crash of the service, information leaks, and possibly allow for code execution with SYSTEM privileges.
Reproduction
The vulnerabilities can be reproduced by sending a WinBioControlUnit call to the Storage Adapter with specific ControlCodes and buffer size parameters that trigger the out-of-bounds read or write conditions. This can be done using a tool or script that interfaces with the Windows Biometric Driver Interface, targeting the Broadcom Storage Adapter implementation.
Remediation
Users can update to Dell ControlVault3 versions 5.15.14.19 or later, or Dell ControlVault3 Plus versions 6.2.36.47 or later. Instructions for downloading the updated drivers are available on the Dell Support website.
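To check whether a fleet machine still runs an affected driver, the following PowerShell snippet is an added example (not Dell's or the advisory's own code) that compares installed ControlVault driver versions against the fixed releases named above. It assumes the driver is listed in Win32_PnPSignedDriver with "ControlVault" in its DeviceName, and that the 5.x line is ControlVault3 and the 6.x line is ControlVault3 Plus; adjust the filter and mapping if your inventory names them differently.

```powershell
# Fixed versions from the advisory: anything older is affected.
$fixed = @{
    'ControlVault3'      = [version]'5.15.14.19'
    'ControlVault3 Plus' = [version]'6.2.36.47'
}

function Test-ControlVaultAffected {
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][string]$DriverVersion
    )
    if (-not $fixed.ContainsKey($Product)) { throw "Unknown product '$Product'" }
    # [version] compares all four components numerically, so 5.15.14.9 < 5.15.14.19.
    return ([version]$DriverVersion) -lt $fixed[$Product]
}

Get-CimInstance Win32_PnPSignedDriver |
    # Assumption: the affected driver carries "ControlVault" in its device name.
    Where-Object { $_.DeviceName -like '*ControlVault*' -and $_.DriverVersion } |
    ForEach-Object {
        $ver = [version]$_.DriverVersion
        # Assumption: product line inferred from the major version (5.x vs 6.x).
        $product = if ($ver.Major -ge 6) { 'ControlVault3 Plus' } else { 'ControlVault3' }
        [pscustomobject]@{
            Device   = $_.DeviceName
            Version  = $_.DriverVersion
            Product  = $product
            Affected = Test-ControlVaultAffected -Product $product -DriverVersion $_.DriverVersion
        }
    } | Format-Table -AutoSize
```

Any row reporting Affected = True should be scheduled for the driver update from the Dell Support website.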