Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impacted

Millions of Dell laptops with Broadcom chips are vulnerable to attack if left unpatched, thanks to firmware vulnerabilities that could allow hackers to steal sensitive data.

Dell ControlVault is system-on-chip (SoC), a hardware-based security solution that stores passwords, biometric templates and security codes within the firmware.

It does this via a daughter board, which Dell refers to as a Unified Security Hub (USH). This is used as a hub to run ControlVault (CV), connecting various security peripherals such as a fingerprint reader, smart card reader and NFC reader.

Designed to provide enhanced security, CV is widely used by cybersecurity companies, government agencies, and other highly security-conscious organizations.

However, according to Cisco Talos researchers, more than 100 Dell laptop models are affected by five vulnerabilities, dubbed ReVault, which affect both the ControlVault3 firmware and its associated Windows APIs.

The flaws include multiple out-of-bounds vulnerabilities, an arbitrary free and a stack-overflow, all affecting the CV firmware, as well as an unsafe-deserialization that affects ControlVault’s Windows APIs.

"These findings highlight the importance of evaluating the security posture of all hardware components within your devices, not just the operating system or software," said Cisco Talos senior vulnerability researcher Philippe Laulheret.

"As Talos demonstrated, vulnerabilities in widely-used firmware such as Dell ControlVault can have far-reaching implications, potentially compromising even advanced security features like biometric authentication."

What the vulnerability means for users

If left unpatched, said Cisco Talos, the vulnerabilities could allow attackers to take full control of a user’s device, steal passwords and access sensitive data such as fingerprint information.

Attack scenarios include privilege escalation, persistent access even after OS reinstallation and exploitation via physical tampering.

"On the Windows side, a non-administrative user can interact with the CV firmware using its associated APIs and trigger an Arbitrary Code Execution on the CV firmware,” said Laulheret

“From this vantage point, it becomes possible to leak key material essential to the security of the device, thus gaining the ability to permanently modify its firmware.”

"This creates the risk of a so-called implant that could stay unnoticed in a laptop’s CV firmware and eventually be used as a pivot back onto the system in the case of a Threat Actor’s post-compromise strategy,” Laulheret added.

Meanwhile, any local attacker with physical access to a user’s laptop could pry it open and directly access the USH board over USB with a custom connector - allowing them to exploit the vulnerabilities without needing to log in into the system or have a full-disk encryption password.

Dell has issued a security advisory on the flaws, DSA-2025-053, and has patches for affected systems. Users are advised to apply these patches, disable any unused services and consider disabling fingerprint login when laptops are likely to be left unattended.

Dell and Broadcom have been approached for comment.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• INSERT CONTENT