Millions of Dell laptops with Broadcom chips are vulnerable to attack if left unpatched, thanks to firmware vulnerabilities that could allow hackers to steal sensitive data.
Dell ControlVault is system-on-chip (SoC), a hardware-based security solution that stores passwords, biometric templates and security codes within the firmware.
It does this via a daughter board, which Dell refers to as a Unified Security Hub (USH). This is used as a hub to run ControlVault (CV), connecting various security peripherals such as a fingerprint reader, smart card reader and NFC reader.
Designed to provide enhanced security, CV is widely used by cybersecurity companies, government agencies, and other highly security-conscious organizations.
However, according to Cisco Talos researchers, more than 100 Dell laptop models are affected by five vulnerabilities, dubbed ReVault, which affect both the ControlVault3 firmware and its associated Windows APIs.
The flaws include multiple out-of-bounds vulnerabilities, an arbitrary free and a stack-overflow, all affecting the CV firmware, as well as an unsafe-deserialization that affects ControlVault’s Windows APIs.
"These findings highlight the importance of evaluating the security posture of all hardware components within your devices, not just the operating system or software," said Cisco Talos senior vulnerability researcher Philippe Laulheret.
"As Talos demonstrated, vulnerabilities in widely-used firmware such as Dell ControlVault can have far-reaching implications, potentially compromising even advanced security features like biometric authentication."
What the vulnerability means for users
If left unpatched, said Cisco Talos, the vulnerabilities could allow attackers to take full control of a user’s device, steal passwords and access sensitive data such as fingerprint information.
Attack scenarios include privilege escalation, persistent access even after OS reinstallation and exploitation via physical tampering.
"On the Windows side, a non-administrative user can interact with the CV firmware using its associated APIs and trigger an Arbitrary Code Execution on the CV firmware,” said Laulheret
“From this vantage point, it becomes possible to leak key material essential to the security of the device, thus gaining the ability to permanently modify its firmware.”
"This creates the risk of a so-called implant that could stay unnoticed in a laptop’s CV firmware and eventually be used as a pivot back onto the system in the case of a Threat Actor’s post-compromise strategy,” Laulheret added.
Meanwhile, any local attacker with physical access to a user’s laptop could pry it open and directly access the USH board over USB with a custom connector - allowing them to exploit the vulnerabilities without needing to log in into the system or have a full-disk encryption password.
Dell has issued a security advisory on the flaws, DSA-2025-053, and has patches for affected systems. Users are advised to apply these patches, disable any unused services and consider disabling fingerprint login when laptops are likely to be left unattended.
Dell and Broadcom have been approached for comment.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- INSERT CONTENT
-
Huawei executive says 'we need to embrace AI hallucinations’News Tao Jingwen, director of Huawei’s quality, business process & IT management department, said firms should embrace hallucinations as part and parcel of generative AI.
-
Advania UK eyes further growth under new CEO James HardyNews Hardy will lead Advania’s UK business as it targets the underserved mid-market with integrated IT services
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
