CVE-2025-36461: CWE-805 - Buffer Access with Incorrect Length Value in Broadcom BCM5820X
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with ControlCode 0 (`WBIO_USH_GET_TEMPLATE`) and with an invalid `ReceiveBufferSize` and/or an invalid `SendBufferSize`.
AI Analysis
Technical Summary
CVE-2025-36461 is a vulnerability classified under CWE-805 (Buffer Access with Incorrect Length Value) affecting the Broadcom BCM5820X component integrated into Dell ControlVault3 and ControlVault3 Plus devices. The flaw arises from improper handling of buffer sizes in the ControlVault WBDI Driver's Storage Adapter functionality. Specifically, when a WinBioControlUnit API call is made with ControlCode 0 (WBIO_USH_GET_TEMPLATE) and the ReceiveBufferSize is greater than 0 but less than 4, an out-of-bounds write of up to 3 bytes occurs. Similarly, if the SendBufferSize is greater than 0 but less than 76, an out-of-bounds read of up to 75 bytes is triggered. These memory corruption issues can lead to arbitrary code execution, privilege escalation, or denial of service. The vulnerability requires local privileges (AV:L), low attack complexity (AC:L), and limited user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No patches were listed at the time of publication, and no known exploits are reported in the wild. The vulnerability affects Dell devices using Broadcom BCM5820X chips, which are commonly found in enterprise biometric authentication modules. Attackers with local access could exploit this flaw by issuing crafted API calls, potentially compromising system security.
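The two figures in the analysis ("up to 3 bytes" for a receive buffer of 1..3 bytes against a 4-byte write, "up to 75 bytes" for a send buffer of 1..75 bytes against a 76-byte read) are exactly what CWE-805 describes: a fixed-length access performed without checking the caller-supplied length. The following is an added illustration written for this page, not code from the ControlVault driver or from Dell, Broadcom or Talos. It models a ControlCode 0 handler with the length validation that prevents the overrun; the 4 and 76 byte minimums come from the analysis text, while the request structure, status codes and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Hypothetical model of the ControlCode 0 (WBIO_USH_GET_TEMPLATE) request
 * path. Illustrative code for this page only, not the ControlVault driver's
 * code. The two minimum sizes come from the analysis text; the structure,
 * status codes and function names are assumptions.
 */
#define GET_TEMPLATE_MIN_SEND_SIZE 76u  /* bytes the handler reads from the send buffer */
#define GET_TEMPLATE_MIN_RECV_SIZE  4u  /* bytes the handler writes to the receive buffer */

enum ctl_status {
    CTL_OK = 0,
    CTL_INVALID_PARAMETER = 1,
    CTL_BUFFER_TOO_SMALL = 2
};

/* Assumed request layout mirroring WinBioControlUnit's buffer parameters. */
struct ctl_request {
    uint32_t control_code;
    const uint8_t *send_buffer;
    size_t send_buffer_size;
    uint8_t *receive_buffer;
    size_t receive_buffer_size;
};

/* CWE-805 in one expression: how many bytes a fixed-length access of
 * `required` bytes reaches past a caller buffer of `provided` bytes.
 * Zero means the access fits. */
size_t overrun_bytes(size_t provided, size_t required)
{
    return provided >= required ? 0 : required - provided;
}

/* Length validation that must run before any access to caller memory.
 * A size of 0 is treated as "no usable buffer" and rejected as well
 * (an assumption; the advisory only describes sizes above 0). */
enum ctl_status validate_get_template(const struct ctl_request *req)
{
    if (req == NULL || req->send_buffer == NULL || req->receive_buffer == NULL)
        return CTL_INVALID_PARAMETER;
    if (req->send_buffer_size < GET_TEMPLATE_MIN_SEND_SIZE)
        return CTL_BUFFER_TOO_SMALL;   /* would read past the send buffer */
    if (req->receive_buffer_size < GET_TEMPLATE_MIN_RECV_SIZE)
        return CTL_BUFFER_TOO_SMALL;   /* would write past the receive buffer */
    return CTL_OK;
}

/* Hardened handler: every memcpy length is covered by the check above. */
enum ctl_status handle_get_template(const struct ctl_request *req)
{
    enum ctl_status st = validate_get_template(req);
    if (st != CTL_OK)
        return st;

    uint8_t header[GET_TEMPLATE_MIN_SEND_SIZE];
    memcpy(header, req->send_buffer, sizeof header);              /* send_buffer_size >= 76 */

    uint32_t status_word = 0;                                      /* constructed result value */
    memcpy(req->receive_buffer, &status_word, sizeof status_word); /* receive_buffer_size >= 4 */
    return CTL_OK;
}

/* Test helper: backing storage is always large enough, so only the
 * *claimed* sizes vary and undersized requests can be exercised safely. */
enum ctl_status status_for_sizes(size_t send_size, size_t recv_size)
{
    static uint8_t send_backing[GET_TEMPLATE_MIN_SEND_SIZE];
    static uint8_t recv_backing[GET_TEMPLATE_MIN_RECV_SIZE];
    struct ctl_request req = {
        .control_code = 0, /* WBIO_USH_GET_TEMPLATE */
        .send_buffer = send_backing,
        .send_buffer_size = send_size,
        .receive_buffer = recv_backing,
        .receive_buffer_size = recv_size,
    };
    return handle_get_template(&req);
}
```

The point of `overrun_bytes` is to make the advisory's numbers reproducible: a 1-byte receive buffer against a 4-byte write overruns by 3, and a 1-byte send buffer against a 76-byte read overruns by 75, which are the maxima the analysis quotes. Defensively, the check belongs in the driver before the first access to caller memory, and the same pattern (validate both sizes against the per-ControlCode minimum, reject with a distinct status) is what a reviewer would look for when auditing any IOCTL-style handler that takes separate send and receive lengths.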
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in sectors relying on biometric authentication and secure hardware modules, such as finance, government, and critical infrastructure. Exploitation could lead to unauthorized access to sensitive biometric templates, system compromise, and disruption of authentication services. The high impact on confidentiality, integrity, and availability means that data breaches, privilege escalations, and service outages are possible. Given the requirement for local privileges and user interaction, insider threats or attackers with initial footholds could leverage this vulnerability to escalate control. The lack of current exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Organizations using Dell hardware with Broadcom BCM5820X components should consider this a high-priority security issue.
Mitigation Recommendations
1. Monitor and restrict access to the WinBioControlUnit API, especially calls with ControlCode 0, to trusted processes and users only.
2. Implement strict privilege separation and limit local user permissions to reduce the attack surface.
3. Deploy endpoint detection and response (EDR) solutions to detect anomalous API calls or memory corruption indicators.
4. Coordinate with Dell and Broadcom for timely patch releases and apply updates immediately upon availability.
5. Conduct regular audits of biometric authentication systems to ensure integrity and detect tampering.
6. Educate users about the risks of executing untrusted code or scripts that might invoke vulnerable API calls.
7. Consider network segmentation to isolate systems with vulnerable hardware from less secure environments.
8. Use application whitelisting to prevent unauthorized software from invoking the vulnerable driver functions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-04-15T21:17:08.088Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691baab2bb922d22627c9506
Added to database: 11/17/2025, 11:07:30 PM
Last enriched: 11/17/2025, 11:16:21 PM
Last updated: 11/18/2025, 6:05:39 AM
Views: 6
Related Threats
CVE-2025-48593: Remote code execution in Google Android (Critical)
CVE-2025-64734: CWE-772 Missing Release of Resource after Effective Lifetime in Gallagher T21 Reader (Low)
CVE-2025-52578: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in Gallagher High Sec End of Line Module (Medium)
CVE-2025-52457: CWE-208 Observable Timing Discrepancy in Gallagher HBUS Devices (Medium)
CVE-2025-8693: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Zyxel DX3300-T0 firmware (High)