PT-2021-7660 · Dell · dbutil_2_3.sys

Credits: Alex Ionescu +5
Published: 2021-05-04 · Updated: 2025-04-25
CVE: CVE-2021-21551
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dell dbutil_2_3.sys driver (affected versions not specified)

Description: The Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability, which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

This issue has been exploited by the Lazarus group in a spy campaign, where they used a technique called Bring Your Own Vulnerable Driver (BYOVD) to install a legitimate but vulnerable driver on the victim's device. The vulnerability was then exploited to read and write kernel memory, allowing the attackers to disable security monitoring and execute commands with kernel-level privileges. The campaign targeted individuals in the aerospace industry in the Netherlands and political journalists in Belgium.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Authorization

Related Identifiers: BDU:2023-01062, CVE-2021-21551

Affected Products: dbutil_2_3.sys