PT-2025-47227 · Broadcom+1 · Broadcom Storage Adapter+2

Philippe Laulheret · Published 2025-11-17 · Updated 2025-11-18 · CVE-2025-36461

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell ControlVault3 versions prior to 5.15.14.19
Dell ControlVault3 Plus versions prior to 6.2.36.47

Description

The software contains out-of-bounds read and write issues within the ControlVault WBDI Driver Broadcom Storage Adapter functionality. A crafted WinBioControlUnit call can cause memory corruption. The issue is triggered when submitting a WinBioControlUnit call to the StorageAdapter with ControlCode 0 (WBIO_USH_GET_TEMPLATE) and either 0 < ReceiveBufferSize < 4 or 0 < SendBufferSize < 76. The former can lead to an out-of-bounds write of up to 3 bytes, and the latter can trigger an out-of-bounds read of up to 75 bytes. The vulnerability is triggered by an API call.

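The size conditions above, as an added example that is not the driver's code: a C model of a handler that validates both caller-supplied sizes before touching either buffer, plus a helper showing where the 75-byte and 3-byte figures come from. The function names, the 4-byte status value and the handler layout are assumptions; only the minimum sizes 76 and 4 come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimum sizes from the advisory text for ControlCode 0. */
#define MIN_SEND_SIZE    76u  /* request bytes the handler reads   */
#define MIN_RECEIVE_SIZE 4u   /* response bytes the handler writes */

enum check_result { CHECK_OK = 0, CHECK_REJECT = -1 };

/* Bytes a handler would touch past the end of a caller buffer of `size`
 * bytes if it assumed `required` bytes and accepted any non-zero size
 * (the 0 < size < required window the advisory describes). */
size_t overrun_bytes(size_t size, size_t required)
{
    return (size != 0 && size < required) ? required - size : 0;
}

/* Hypothetical hardened handler: both sizes are checked against the
 * minimum before any byte of either buffer is read or written. */
int handle_get_template(const uint8_t *send, size_t send_size,
                        uint8_t *recv, size_t recv_size, size_t *written)
{
    uint8_t request[MIN_SEND_SIZE];
    uint32_t status = 0;            /* assumed 4-byte response value */

    if (written != NULL)
        *written = 0;
    if (send == NULL || recv == NULL || written == NULL)
        return CHECK_REJECT;
    if (send_size < MIN_SEND_SIZE || recv_size < MIN_RECEIVE_SIZE)
        return CHECK_REJECT;        /* closes both short-buffer windows */

    memcpy(request, send, MIN_SEND_SIZE);     /* read stays in bounds  */
    (void)request;                            /* request parsing omitted */
    memcpy(recv, &status, MIN_RECEIVE_SIZE);  /* write stays in bounds */
    *written = MIN_RECEIVE_SIZE;
    return CHECK_OK;
}

int main(void)
{
    printf("worst-case read overrun:  %zu bytes\n", overrun_bytes(1, MIN_SEND_SIZE));
    printf("worst-case write overrun: %zu bytes\n", overrun_bytes(1, MIN_RECEIVE_SIZE));
    return 0;
}
```
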
Recommendations

Update Dell ControlVault3 to version 5.15.14.19 or later.
Update Dell ControlVault3 Plus to version 6.2.36.47 or later.

Related Identifiers

CVE-2025-36461

Affected Products

Broadcom Storage Adapter
Dell Controlvault3
Dell Controlvault3 Plus