Dell Client: Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure
Zusammenfassung: Vulnerabilities in GRUB (Grand Unified Bootloader) may allow Secure Boot bypass.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Sicherheitsartikeltyp
Security KB
CVE-Kennung
CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779
CVE-2021-20225 CVE-2021-20233
Problemzusammenfassung
Affected products:
Dell Client Consumer and Commercial platforms
Details
Reference:
Operating System provider’s advisories can be found on the following Dell Security Notice. Refer to KB article 183699: DSN-2021-002 Dell Response to the March 2, 2021 Grub2 Vulnerability Disclosure
Empfehlungen
Frequently Asked Questions:
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
- Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode.
- Configure boot settings to only allow booting to the internal boot device.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Rechtlicher Hinweis
Betroffene Produkte
Product Security InformationArtikeleigenschaften
Artikelnummer: 000183697
Artikeltyp: Security KB
Zuletzt geändert: 18 Sep. 2025
Version: 4
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.