Article Number: 000180645


DSA-2020-247: Dell Client Platform Security Update for UEFI BIOS RuntimeServices Overwrite Vulnerability

Summary: Dell Inspiron 5675 contains remediation for a UEFI BIOS RuntimeServices Overwrite vulnerability that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Medium

Details
Proprietary Code CVE(s): CVE-2020-26186
Description: Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
CVSS Base Score: 6.8
CVSS Vector String: CVSS:3.1:AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

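Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.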

Affected Products and Remediation
Customers should use the latest releases available from Dell support when updating their systems.

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates and are subject to change without notice.
  • Update versions in the table below are the first releases with the updates to address the security vulnerability. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer Products Affected

The following is a list of impacted products and expected release dates:
Product: Dell Inspiron 5675
Update BIOS Version (or greater): 1.4.1
Release Date (MM/DD/YYYY) / Expected Release (Month/YYYY): 11/18/2020
Workarounds and Mitigations

None

Acknowledgements

Dell would like to thank yngweijw for reporting this vulnerability.
 

Revision History

Revision: 1.0
Date: 12/15/2020
Description: Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


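The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected products. Dell Technologies assesses risk based on an average of risks across a diverse set of installed systems, which may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitations shall apply to the extent permissible under law.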

Article Properties


Affected Product

Inspiron 5675

Last Published Date

15 Dec 2020

Version

1

Article Type

Dell Security Advisory
