Dell Client: Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure
Сводка: Vulnerabilities in GRUB (Grand Unified Bootloader) may allow Secure Boot bypass.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Тип статьи по безопасности
Security KB
Идентификатор CVE
CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779
CVE-2021-20225 CVE-2021-20233
Сводка по проблеме
Affected products:
Dell Client Consumer and Commercial platforms
Подробные сведения
Reference:
Operating System provider’s advisories can be found on the following Dell Security Notice. Refer to KB article 183699: DSN-2021-002 Dell Response to the March 2, 2021 Grub2 Vulnerability Disclosure
Рекомендации
Frequently Asked Questions:
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
- Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode.
- Configure boot settings to only allow booting to the internal boot device.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Правовая оговорка
Затронутые продукты
Product Security InformationСвойства статьи
Номер статьи: 000183697
Тип статьи: Security KB
Последнее изменение: 18 Sep 2025
Версия: 4
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.