DSA-2020-073: Dell Latitude 7202 Rugged Tablet Use After Free Vulnerability
Сводка: Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. ...
Влияние
Medium
Подробные сведения
CVSS Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Затронутые продукты и исправление
Affected products:
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28
Refer to the table below for the Dell Client BIOS release containing a resolution to this vulnerability.
Remediation:
Please visit Dell’s Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified of and automatically download driver, BIOS and firmware updates once available.
| Product |
Update BIOS Version |
Release Date (MM/DD/YYYY) |
|---|---|---|
| Dell Latitude 7202 Rugged Tablet |
A28 |
March 2020 |
Affected products:
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28
Refer to the table below for the Dell Client BIOS release containing a resolution to this vulnerability.
Remediation:
Please visit Dell’s Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified of and automatically download driver, BIOS and firmware updates once available.
| Product |
Update BIOS Version |
Release Date (MM/DD/YYYY) |
|---|---|---|
| Dell Latitude 7202 Rugged Tablet |
A28 |
March 2020 |
Сведения об авторе и авторских правах
Dell would like to thank yngweijw for reporting this vulnerability.