DSA-2020-247: Dell Client Platform Security Update for UEFI BIOS RuntimeServices Overwrite Vulnerability

摘要: Dell Inspiron 5675 contains remediation for a UEFI BIOS RuntimeServices Overwrite vulnerability that could be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

Medium

详情

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2020-26186 Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
 		 6.8 CVSS:3.1:AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2020-26186 Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
 		 6.8 CVSS:3.1:AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Customers should use the latest releases available from Dell support when updating their systems.

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates and are subject to change without notice.
  • Update versions in the table below are the first releases with the updates to address the security vulnerability. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer Products Affected

The following is a list of impacted products and expected release dates:
Product Update BIOS Version
(or greater)		 Release Date (MM/DD/YYYY)
Expected Release (Month/YYYY)
Dell Inspiron 5675 1.4.1 11/18/2020
Customers should use the latest releases available from Dell support when updating their systems.

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates and are subject to change without notice.
  • Update versions in the table below are the first releases with the updates to address the security vulnerability. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer Products Affected

The following is a list of impacted products and expected release dates:
Product Update BIOS Version
(or greater)		 Release Date (MM/DD/YYYY)
Expected Release (Month/YYYY)
Dell Inspiron 5675 1.4.1 11/18/2020

解决方法和缓解措施

None

修订历史记录

RevisionDateDescription
1.012/15/2020Initial Release

确认

Dell would like to thank yngweijw for reporting this vulnerability.
 

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

Inspiron 5675, Product Security Information
文章属性
文章编号: 000180645
文章类型: Dell Security Advisory
上次修改时间: 16 3月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。