Out-of-Bounds Read in Dell ControlVault3 and ControlVault3 Plus
CVE-2025-24311
What is CVE-2025-24311?
CVE-2025-24311 is a vulnerability identified in Dell's ControlVault3 and ControlVault3 Plus security technologies, which are developed by Broadcom. These products enhance system security by providing secure storage and processing of sensitive cryptographic functions, protecting critical data on devices such as laptops and workstations. The vulnerability is an out-of-bounds read in the cv_send_blockdata function, which an attacker could trigger with a specially crafted API call, resulting in the unintended exposure of sensitive information. If successfully exploited, this flaw could allow unauthorized individuals to access critical data, compromising the confidentiality and integrity of system operations.
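As an added illustration (not Dell's or Broadcom's code, and not the real cv_send_blockdata implementation, whose internals this advisory does not describe), the hypothetical handler below shows the check that an out-of-bounds read of this kind lacks: a caller-supplied offset and length are validated against the true size of the block, with overflow-safe arithmetic, before any bytes are copied out. The block store, status codes and function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical firmware-side block store; not ControlVault's real layout. */
#define BLOCK_SIZE 64u
/* Constructed sample contents; bytes after the fourth are zero. */
static const uint8_t g_block[BLOCK_SIZE] = { 0x43, 0x56, 0x33, 0x21 };

/* Status codes for the hypothetical API. */
enum cv_status { CV_OK = 0, CV_BAD_RANGE = 1, CV_BAD_ARG = 2 };

/*
 * Validate a caller-supplied window against the real block size without
 * computing offset + len, so a huge offset cannot wrap around to a small
 * value and pass the check.
 */
bool blockdata_range_ok(uint32_t offset, uint32_t len, uint32_t size)
{
    if (offset > size)
        return false;
    return len <= size - offset;
}

/*
 * Copy len bytes of the block, starting at offset, into out. Every byte
 * copied lies inside g_block; an out-of-range request is refused instead of
 * leaking whatever memory follows the block. Skipping blockdata_range_ok is
 * the pattern that turns a handler of this shape into an out-of-bounds read.
 */
int send_blockdata(uint32_t offset, uint32_t len, uint8_t *out, size_t out_cap)
{
    if (out == NULL || len > out_cap)          /* protect the caller's buffer */
        return CV_BAD_ARG;
    if (!blockdata_range_ok(offset, len, BLOCK_SIZE))
        return CV_BAD_RANGE;                   /* reject, do not read past the block */
    memcpy(out, g_block + offset, len);
    return CV_OK;
}
```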
Potential impact of CVE-2025-24311
- Information Disclosure: The primary risk associated with this vulnerability is the potential for sensitive data leakage. An attacker can exploit the out-of-bounds read to obtain confidential information stored within the ControlVault, undermining the intended security measures and potentially leading to broader data breaches.
- Compromise of Security Features: Since ControlVault is designed to enhance system security, exploitation of this vulnerability could weaken the overall security posture of affected devices, making them more susceptible to further attacks or breaches.
- Operational Disruption: If attackers leverage this vulnerability for malicious purposes, organizations may face operational disruptions. This could arise from the need to investigate and remediate the breach, leading to downtime or impaired functionality of critical systems that rely on the security solutions provided by ControlVault.
Affected Version(s)
BCM5820X: N/A
ControlVault3: versions from 0 up to, but not including, 5.15.10.14
ControlVault3 Plus: versions from 0 up to, but not including, 6.2.26.36