CVE-2021-21551 PoC — Dell dbutil Driver 安全漏洞

Source

https://github.com/Eap2468/CVE-2021-21551

Associated Vulnerability

Title:Dell dbutil Driver 安全漏洞 (CVE-2021-21551)
Description:Dell dbutil Driver是美国戴尔（Dell）公司的一个应用软件。提供了戴尔公司设备的一个驱动程序。 Dell dbutil Driver 存在安全漏洞，该漏洞源于戴尔dbutil驱动程序dbutil 2 .sys中不正确的访问限制。以下产品及版本受到影响：DBUtil: 2.3 。

Description

Proof of concept exploit for CVE-2021-21551

Readme

# CVE-2021-21551
Proof of concept exploit for CVE-2021-21551, vulnerability comes from user provided addresses being provided as arguments to a memmove call allowing for an arbitary read/write (ioctls 0x9B0C1EC4 and 0x9B0C1EC8)  as well as the physical address parameter for a MmMapIoSpace call that provides another arbitary read/write (ioctls 0x9B0C1F40 and 0x9B0C1F44)

![Pasted image 20240802160935](https://github.com/user-attachments/assets/4c1cebe4-b4bf-48ec-b5a8-cc7643bd2ff4)

File Snapshot


 [4.0K]  /data/pocs/66216fde25f6d142197d254541e4126ff7de7edb
├── [4.0K]  CVE-2021-21551
│   ├── [6.5K]  CVE-2021-21551.vcxproj
│   ├── [ 977]  CVE-2021-21551.vcxproj.filters
│   ├── [ 168]  CVE-2021-21551.vcxproj.user
│   └── [5.1K]  Main.cpp
├── [1.4K]  CVE-2021-21551.sln
└── [ 485]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!