CVE DATABASE / CVE-2021-21551
CVE-2021-21551
Dell dbutil Driver Insufficient Access Control Vulnerability
CVSS 8.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2022-03-31.
Federal remediation due 2022-04-21.
Required action: Apply updates per vendor instructions.
Summary
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Dell dbutilDell alienware 14Dell alienware 17 51m r2Dell alienware area 51Dell alienware asm100Dell alienware asm100r2Dell alienware m14xr2Dell alienware m15 r4Dell alienware m17xr4Dell alienware m18xr2Dell canvas 27Dell cheng ming 3967Dell chengming 3967Dell chengming 3977Dell chengming 3980Dell chengming 3988Dell chengming 3990Dell chengming 3991Dell dock wd15Dell dock wd19
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html
- http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html
- https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.