Cyber Resilience

CVE-2021-21551

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 04 May 2021
Modified: 28 October 2025
KEV Added: 31 March 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.7452 (98.9th percentile)
Risk Priority: 82 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-21551 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability in Dell Dbutil. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is an insufficient access control flaw, tracked as CVE-2021-21551, in the Dell dbutil_2_3.sys driver. It is assigned CWE-782 and carries a CVSS 3.1 base score of 8.8 with the vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The affected component is a kernel-mode driver distributed with multiple Dell client platforms.

A local authenticated user can send specially crafted IOCTL requests to the driver, enabling arbitrary kernel memory read and write operations. Successful exploitation can result in privilege escalation to kernel level, denial of service through system crashes, or disclosure of sensitive kernel memory contents.

Dell’s DSA-2021-088 advisory describes the issue and directs customers to install the updated driver versions provided in the security update package. Public proof-of-concept code demonstrating both memory read/write primitives and privilege-escalation chains has been published on Packet Storm.

Vulnerability details

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CWE(s): CWE-782
KEV Date Added: 31 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dell | Product: dbutil | Version: ≤ 2.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access restrictions on IOCTL requests to the dbutil_2_3.sys driver so that local users cannot perform arbitrary kernel read/write operations.

prevent

Limits privileges granted to the kernel driver, preventing a local authenticated user from obtaining kernel-level access via the exposed IOCTL interface.

prevent

Protects kernel memory regions from unauthorized read/write primitives that the vulnerable driver would otherwise allow.
