Dell Client: Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure
摘要: Vulnerabilities in GRUB (Grand Unified Bootloader) may allow Secure Boot bypass.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
安全性文章類型
Security KB
CVE 識別碼
CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779
CVE-2021-20225 CVE-2021-20233
問題摘要
Affected products:
Dell Client Consumer and Commercial platforms
詳細資料
Reference:
Operating System provider’s advisories can be found on the following Dell Security Notice. Refer to KB article 183699: DSN-2021-002 Dell Response to the March 2, 2021 Grub2 Vulnerability Disclosure
建議
Frequently Asked Questions:
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
Q: Which models are affected?
A: Dell Client and Commercial platforms that have UEFI Secure Boot enabled are impacted. Dell recommends that customers review their Operating System provider’s advisories for further information, including appropriate identification and additional mitigation measures.
Customer should follow security best practices and prevent unauthorized physical access to devices. Customer can also take the following measures to further protect themselves from physical attacks.
- Set BIOS Admin Password to prevent alteration of the BIOS Setup configuration, such as the boot device, and Secure Boot mode.
- Configure boot settings to only allow booting to the internal boot device.
Q: I use a Windows Operating System. Am I impacted?
A: Yes. Windows Operating Systems are impacted. A malicious actor that has physical access to the platform, or OS administrator privileges, could load a vulnerable GRUB UEFI binary and boot time malware.
Q: What do I need to do to address this vulnerability?
A: GRUB Patch - As part of Linux Operating System vendors’ advisories, they are expected to roll out updated GRUB binaries.
法律免責聲明
受影響的產品
Product Security Information文章屬性
文章編號: 000183697
文章類型: Security KB
上次修改時間: 18 9月 2025
版本: 4
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。