Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000128252

DSA-2020-073: Dell Latitude 7202 Rugged Tablet Use After Free Vulnerability

Summary: Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. ...

Article Content

Impact

Medium

Details

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
CVSS Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
CVSS Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28

Refer to the table below for the Dell Client BIOS release containing a resolution to this vulnerability.

Remediation:

Please visit Dell’s Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified of and automatically download driver, BIOS and firmware updates once available.

 

Product

Update BIOS Version
(or greater)

Release Date (MM/DD/YYYY)
Expected Release ( Month /YYYY)

Dell Latitude 7202 Rugged Tablet

A28

March 2020

Affected products:

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28

Refer to the table below for the Dell Client BIOS release containing a resolution to this vulnerability.

Remediation:

Please visit Dell’s Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified of and automatically download driver, BIOS and firmware updates once available.

 

Product

Update BIOS Version
(or greater)

Release Date (MM/DD/YYYY)
Expected Release ( Month /YYYY)

Dell Latitude 7202 Rugged Tablet

A28

March 2020

Acknowledgements

Dell would like to thank yngweijw for reporting this vulnerability.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Latitude 7202 Rugged Tablet

Product

Tablets, Latitude Tablets

Last Published Date

09 Dec 2020

Version

4

Article Type

Dell Security Advisory

Back to Top