CVE-2025-36463: CWE-805 - Buffer Access with Incorrect Length Value in Broadcom BCM5820X
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`.
AI Analysis
Technical Summary
CVE-2025-36463 is a vulnerability classified under CWE-805 (Buffer Access with Incorrect Length Value) affecting the Broadcom BCM5820X component integrated into Dell ControlVault3 and ControlVault3 Plus devices prior to versions 5.15.14.19 and 6.2.36.47, respectively. The flaw arises from improper bounds checking when processing the WinBioControlUnit API call, specifically with ControlCode 4 (WBIO_USH_ADD_RECORD). When the SendBufferSize parameter is greater than zero but less than 104 bytes, the driver performs out-of-bounds reads and writes beyond the allocated SendBuffer, leading to memory corruption. This can be exploited by a local attacker with limited privileges who can trigger the API call, and it requires user interaction. The memory corruption could compromise confidentiality, integrity, and availability of the system, potentially allowing code execution or denial of service. However, exploitation is constrained by strict input size requirements and the need for specific API call parameters, which may limit practical exploitation mostly to denial-of-service attacks. No public exploits are known, and no patches are currently linked, indicating the need for vigilance and prompt patching once available.
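The CWE-805 pattern described above, modelled in C as an added example. This is not code from the advisory, from Talos, or from the Dell/Broadcom driver: only the ControlCode value (4) and the 104-byte minimum are taken from the summary; the record layout, the request structure, the function names and the status codes are assumptions. The unchecked handler copies a fixed-size record without comparing that size against the caller-supplied `SendBufferSize`; the checked handler rejects the request first. The harness keeps the demonstration memory-safe by placing the undersized buffer at the start of a larger arena it owns, so the bytes read "past the buffer" are still inside that arena.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of WBIO_USH_ADD_RECORD handling. Only the ControlCode (4)
 * and the 104-byte size come from the advisory; everything else is assumed. */
#define WBIO_USH_ADD_RECORD 4u
#define USH_RECORD_SIZE     104u   /* bytes the handler expects in SendBuffer */

typedef struct {
    uint32_t       control_code;
    const uint8_t *send_buffer;
    size_t         send_buffer_size;   /* caller-supplied, untrusted */
} control_unit_request;

enum add_record_status {
    ADD_OK = 0,
    ADD_BAD_CONTROL_CODE,
    ADD_BAD_LENGTH
};

/* Vulnerable pattern (CWE-805): the handler assumes SendBuffer holds a whole
 * record and copies USH_RECORD_SIZE bytes without ever comparing that constant
 * with send_buffer_size. With a size in 1..103 the copy reads beyond the
 * caller's buffer; a write in the other direction is the same mistake. */
enum add_record_status add_record_unchecked(const control_unit_request *req,
                                            uint8_t out[USH_RECORD_SIZE]) {
    if (req->control_code != WBIO_USH_ADD_RECORD)
        return ADD_BAD_CONTROL_CODE;
    if (req->send_buffer == NULL || req->send_buffer_size == 0)
        return ADD_BAD_LENGTH;          /* zero is rejected; 1..103 is not */
    memcpy(out, req->send_buffer, USH_RECORD_SIZE);   /* length never checked */
    return ADD_OK;
}

/* Hardened pattern: the length value is validated against the record size
 * before any access touches the buffer. */
enum add_record_status add_record_checked(const control_unit_request *req,
                                          uint8_t out[USH_RECORD_SIZE]) {
    if (req->control_code != WBIO_USH_ADD_RECORD)
        return ADD_BAD_CONTROL_CODE;
    if (req->send_buffer == NULL || req->send_buffer_size < USH_RECORD_SIZE)
        return ADD_BAD_LENGTH;
    memcpy(out, req->send_buffer, USH_RECORD_SIZE);
    return ADD_OK;
}

/* Demonstration harness: a `declared_size`-byte "SendBuffer" of zeros placed at
 * the start of a larger arena whose remaining bytes are 0xAA. Returns how many
 * bytes the unchecked handler pulled from beyond the declared buffer. This is
 * well-defined only because the whole arena belongs to this function. */
size_t bytes_read_past_buffer(size_t declared_size) {
    uint8_t arena[256];
    uint8_t out[USH_RECORD_SIZE];
    if (declared_size == 0 || declared_size > sizeof arena)
        return 0;
    memset(arena, 0xAA, sizeof arena);
    memset(arena, 0x00, declared_size);     /* the bytes the caller actually sent */
    control_unit_request req = { WBIO_USH_ADD_RECORD, arena, declared_size };
    if (add_record_unchecked(&req, out) != ADD_OK)
        return 0;
    size_t n = 0;
    for (size_t i = 0; i < USH_RECORD_SIZE; i++)
        if (out[i] == 0xAA)
            n++;
    return n;
}

int main(void) {
    static uint8_t full[USH_RECORD_SIZE];
    uint8_t out[USH_RECORD_SIZE];
    size_t sizes[] = { 1, 50, 103, 104 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        control_unit_request req = { WBIO_USH_ADD_RECORD, full, sizes[i] };
        printf("SendBufferSize=%3zu: unchecked handler read %3zu bytes past the "
               "buffer; checked handler returned %d\n",
               sizes[i], bytes_read_past_buffer(sizes[i]),
               (int)add_record_checked(&req, out));
    }
    return 0;
}
```

The checked variant uses `<` rather than `!=` so that an oversized buffer is still accepted; if the real record were variable-length, the check would instead compare against a length field parsed from the buffer only after confirming the header itself fits.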
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to entities using Dell hardware with Broadcom BCM5820X components that rely on biometric authentication or secure storage features provided by ControlVault3 devices. Successful exploitation could lead to memory corruption resulting in denial of service, data leakage, or unauthorized code execution, undermining system security and operational continuity. Critical sectors such as finance, healthcare, government, and telecommunications that depend on secure authentication mechanisms are particularly vulnerable. The requirement for local privileges and user interaction reduces the risk of remote exploitation, but insider threats or compromised endpoints could leverage this vulnerability. Disruption of biometric security modules could also impact compliance with EU data protection regulations (e.g., GDPR) due to potential exposure of sensitive biometric data.
Mitigation Recommendations
Organizations should prioritize applying vendor patches as soon as they become available for Dell ControlVault3 and ControlVault3 Plus devices. Until patches are released, restrict access to the WinBioControlUnit API to trusted users and processes only, employing application whitelisting and privilege restrictions. Monitor system logs and biometric authentication service calls for unusual or malformed WinBioControlUnit requests, especially those with ControlCode 4 and SendBufferSize values between 1 and 103. Implement endpoint detection and response (EDR) solutions to detect anomalous memory corruption behaviors. Conduct regular audits of devices using Broadcom BCM5820X components, and consider isolating or limiting use of vulnerable hardware in sensitive environments. Educate users about the risks of executing untrusted code or scripts that might invoke vulnerable API calls. Finally, maintain up-to-date backups and incident response plans to mitigate potential denial-of-service impacts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-04-15T21:17:08.089Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691baab2bb922d22627c950e
Added to database: 11/17/2025, 11:07:30 PM
Last enriched: 11/17/2025, 11:15:55 PM
Last updated: 11/18/2025, 6:05:43 AM