
Talos Vulnerability Report TALOS-2024-2127

Dell ControlVault3 cv_send_blockdata out-of-bounds read vulnerability

August 9, 2025

CVE Number
CVE-2025-24311

SUMMARY
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 5.14.3.0. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Broadcom BCM5820X
Dell ControlVault3 5.14.3.0
Dell ControlVault3 Driver and Firmware prior to 5.15.10.14
Dell ControlVault3 Plus Driver and Firmware prior to 6.2.26.36

PRODUCT URLS
ControlVault3 – https://dell.com/
BCM5820X – https://www.broadcom.com/products/embedded-and-networking-processors/secure/bcm5820x

CVSSv3 SCORE
8.4 – CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

CWE
CWE-20 – Improper Input Validation

DETAILS
Dell ControlVault is a hardware-based solution that can securely store passwords, biometric templates and security codes. It can interface with smart cards, Near-field Communication (NFC) devices and fingerprint readers. The hardware solution is based on the Broadcom BCM5820X chip series.

Context
On Windows, any low-privilege user can interface with the ControlVault3 hardware. In order to do so, a userland DLL, bcmbipdll.dll, can be used to talk with the device driver cvusbdrv.sys, which in turn talks…

