Dell Client: Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure
Riepilogo: Vulnerabilities in GRUB (Grand Unified Bootloader) may allow Secure Boot bypass.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Tipo di articolo sulla sicurezza
Security KB
ID CVE
CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779
CVE-2021-20225 CVE-2021-20233
Riepilogo del problema
Affected products:
Dell Client Consumer and Commercial platforms
Dettagli
Reference:
Operating System provider’s advisories can be found on the following Dell Security Notice. Refer to KB article 183699: DSN-2021-002 Dell Response to the March 2, 2021 Grub2 Vulnerability Disclosure
Raccomandazioni
Frequently Asked Questions:
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
- Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode.
- Configure boot settings to only allow booting to the internal boot device.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Dichiarazione di non responsabilità
Prodotti interessati
Product Security InformationProprietà dell'articolo
Numero articolo: 000183697
Tipo di articolo: Security KB
Ultima modifica: 18 set 2025
Versione: 4
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.