DSA-2020-203: Dell Client Platform Security Update for UEFI BIOS Boot Services Overwrite Vulnerabilities

Summary: Dell Client Consumer Platforms have been updated to address a pointer issue vulnerability.


Impact

Medium

Details

  • CVE-2020-5376

    Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

    CVSSV3 Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

  • CVE-2020-5379

    Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

    CVSSV3 Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

  • CVE-2020-5378

    Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

    CVSSV3 Base Score: 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores, which may affect the potential severity associated with a given security vulnerability.

Affected Products and Remediation

Affected products:

Dell Client Consumer Platforms (see Resolution section below for complete list of affected products)



Remediation:

Customers should use the latest releases available from Dell support when updating their systems.

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates and are subject to change without notice.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.


Dell Client Consumer Products Affected

The following is a list of impacted products and expected release dates:

| Product | Update BIOS Version (or greater) | Release Date (MM/DD/YYYY) / Expected Release (Month/YYYY) |
|---|---|---|
| Dell G7 17 7790 | 1.3.2 | 6/10/2020 |
| Inspiron 7347 | A13 | 7/14/2020 |
| Inspiron 7352 | A14 | 7/14/2020 |
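
A fleet check built from the versions in this advisory, as an added example (not Dell's code): it compares inventory BIOS version strings against the fixed-in versions, ordering both the Axx and the dotted scheme numerically. Where the CVE text and the product table give different versions, the higher one is used; the hostnames and inventory rows are constructed, and the function names are hypothetical.

```python
import re

# Fixed-in versions copied from this advisory. Where the CVE text and the
# product table differ, the higher (more conservative) value is used.
FIXED_IN = {
    "Dell G7 17 7790": "1.13.2",
    "Inspiron 7347": "A13",
    "Inspiron 7352": "A14",
}

def bios_key(version):
    """Sortable key for a Dell BIOS version: legacy 'A13' or dotted '1.13.2'."""
    v = version.strip().upper()
    m = re.fullmatch(r"A(\d+)", v)
    if m:
        return (0, int(m.group(1)))
    if re.fullmatch(r"\d+(\.\d+)*", v):
        # Compare fields as integers: as strings, "1.9.1" sorts above "1.13.2".
        return (1, *map(int, v.split(".")))
    raise ValueError(f"unrecognised BIOS version: {version!r}")

def check(model, installed):
    """Return 'patched', 'vulnerable', 'review' or 'not-listed' for one host."""
    fixed = FIXED_IN.get(model)
    if fixed is None:
        return "not-listed"
    try:
        have, need = bios_key(installed), bios_key(fixed)
    except ValueError:
        return "review"          # unparseable string: check by hand
    if have[0] != need[0]:
        return "review"          # Axx vs dotted cannot be ordered safely
    return "patched" if have >= need else "vulnerable"

# Constructed sample inventory: (hostname, model, reported BIOS version).
INVENTORY = [
    ("host-01", "Inspiron 7347", "A11"),
    ("host-02", "Inspiron 7352", "A14"),
    ("host-03", "Dell G7 17 7790", "1.9.1"),
    ("host-04", "Dell G7 17 7790", "1.13.2"),
    ("host-05", "Other Model (not in advisory)", "1.20.0"),
    ("host-06", "Inspiron 7347", "unknown"),
]

def audit(inventory):
    return {host: check(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```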

Acknowledgements

Dell would like to thank yngweijw of IIE Varas, f1sh and Menghao Li of IIE Varas for reporting these vulnerabilities.

Affected Products

Desktops & All-in-Ones, Inspiron, G Series, Tablets

Article Properties
Article Number: 000125430
Article Type: Dell Security Advisory
Last Modified: 18 August 2025