92 matches found
Dell ControlVault3 Driver Vulnerability (DSA-2025-053)
The version of the Dell ControlVault3 cvusbdrv.sys driver installed on the remote host is 5.x prior to 5.15.10.14, or 6.x prior to 6.2.26.36. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory: - An out-of-bounds write vulnerability exists in the...
Dell ControlVault3 Driver Detection (Windows)
Binary data dellcontrolvault3driverwininstalled.nbin...
ReVault! When your SoC turns against you…
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling "ReVault". 100+ models of Dell Laptops are affected by this vulnerability if left unpatched. The ReVault attack can be used as a post-compromise...
The vulnerability of the cv_send_blockdata() function in the Dell ControlVault3 security driver package allows a attacker to disclose protected information.
The vulnerability of the cvsendblockdata function in the Dell ControlVault3 security driver suite relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the cv_close() function in the Dell ControlVault3 security driver package allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the cvclose function in the Dell ControlVault3 security driver suite is related to the release of an incorrect pointer. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the securebio_identify() function in the Dell ControlVault3 security management driver allows a attacker to execute arbitrary code.
The vulnerability of the securebioidentify function in the Dell ControlVault3 security driver suite is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the cv_upgrade_sensor_firmware() function in the Dell ControlVault3 security driver package allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cvupgradesensorfirmware function in the Dell ControlVault3 security driver suite is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the cvhDecapsulateCmd() function in the Dell ControlVault3 security driver package allows a attacker to execute arbitrary code.
The vulnerability of the cvhDecapsulateCmd function in the Dell ControlVault3 security driver suite is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2025-25050
An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...
CVE-2025-25215
An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...
CVE-2025-24919
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can...
CVE-2025-24922
A stack-based buffer overflow vulnerability exists in the securebioidentify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cvobject can lead to a arbitrary code execution. An attacker can issue an API call to...
CVE-2025-24311
An out-of-bounds read vulnerability exists in the cvsendblockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...
CVE-2025-25215
An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...
CVE-2025-24919 Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can...
CVE-2025-24919
Dell ControlVault3 CVE-2025-24919 is a deserialization of untrusted input flaw in cvhDecapsulateCmd (bcmbipdll.dll). A crafted firmware response can cause incorrect parameter handling and memory corruption, enabling arbitrary code execution on the firmware. Affected products: ControlVault3 prior ...
CVE-2025-24922
A stack-based buffer overflow vulnerability exists in the securebioidentify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cvobject can lead to a arbitrary code execution. An attacker can issue an API call to...
CVE-2025-24311
An out-of-bounds read vulnerability exists in the cvsendblockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...
CVE-2025-25050 Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...
CVE-2025-25050 Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...