PT-2025-47228 · Broadcom+1 · Broadcom Storage Adapter+2
Philippe Laulheret
·
Published
2025-11-17
·
Updated
2025-11-18
·
CVE-2025-36462
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell ControlVault3 versions prior to 5.15.14.19
Dell ControlVault3 Plus versions prior to 6.2.36.47
Description
The software contains out-of-bounds read and write issues within the ControlVault WBDI Driver Broadcom Storage Adapter functionality. A crafted
WinBioControlUnit call can cause memory corruption. The issue is triggered when submitting a WinBioControlUnit call to the StorageAdapter with the ControlCode 3 (WBIO USH CREATE CHALLENGE) and with 0 < ReceiveBuferSize < 4. This results in up to three null-bytes being written past the end of the ReceiveBuffer. The vulnerability can be triggered by issuing an API call.Recommendations
Update Dell ControlVault3 to version 5.15.14.19 or later.
Update Dell ControlVault3 Plus to version 6.2.36.47 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Broadcom Storage Adapter
Dell Controlvault3
Dell Controlvault3 Plus