Millions of Dell laptops are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impacted
Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
Millions of Dell laptops with Broadcom chips are vulnerable to attack if left unpatched, thanks to firmware vulnerabilities that could allow hackers to steal sensitive data.
Dell ControlVault is a system-on-chip (SoC), a hardware-based security solution that stores passwords, biometric templates and security codes within the firmware.
It does this via a daughter board, which Dell refers to as a Unified Security Hub (USH). This is used as a hub to run ControlVault (CV), connecting various security peripherals such as a fingerprint reader, smart card reader and NFC reader.
Designed to provide enhanced security, CV is widely used by cybersecurity companies, government agencies, and other highly security-conscious organizations.
However, according to Cisco Talos researchers, more than 100 Dell laptop models are affected by five vulnerabilities, dubbed ReVault, which affect both the ControlVault3 firmware and its associated Windows APIs.
The flaws include multiple out-of-bounds vulnerabilities, an arbitrary free and a stack-overflow, all affecting the CV firmware, as well as an unsafe-deserialization that affects ControlVault’s Windows APIs.
"These findings highlight the importance of evaluating the security posture of all hardware components within your devices, not just the operating system or software," said Cisco Talos senior vulnerability researcher Philippe Laulheret.
"As Talos demonstrated, vulnerabilities in widely-used firmware such as Dell ControlVault can have far-reaching implications, potentially compromising even advanced security features like biometric authentication."
What the vulnerability means for users
If left unpatched, said Cisco Talos, the vulnerabilities could allow attackers to take full control of a user’s device, steal passwords and access sensitive data such as fingerprint information.
Attack scenarios include privilege escalation, persistent access even after OS reinstallation and exploitation via physical tampering.
"On the Windows side, a non-administrative user can interact with the CV firmware using its associated APIs and trigger an Arbitrary Code Execution on the CV firmware," said Laulheret.
"From this vantage point, it becomes possible to leak key material essential to the security of the device, thus gaining the ability to permanently modify its firmware."
"This creates the risk of a so-called implant that could stay unnoticed in a laptop's CV firmware and eventually be used as a pivot back onto the system in the case of a Threat Actor's post-compromise strategy," Laulheret added.
Meanwhile, any local attacker with physical access to a user's laptop could pry it open and directly access the USH board over USB with a custom connector - allowing them to exploit the vulnerabilities without needing to log in to the system or have a full-disk encryption password.
Dell has issued a security advisory on the flaws, DSA-2025-053, and has patches for affected systems. Users are advised to apply these patches, disable any unused services and consider disabling fingerprint login when laptops are likely to be left unattended.
Dell and Broadcom have been approached for comment.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
