Dell Computer Corporation, Inc. Information for VU#976132

UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script

Status

Affected

Vendor Statement

Some client systems are affected. Server systems are not affected. Patches for affected client systems are tentatively planned for release on support.dell.com by March 2015. List of affected systems forthcoming.

Vendor Information

Some Client Solutions (CS) commercial platforms are affected by the vulnerability described in VU#976132. Updated BIOS code has been developed to mitigate the vulnerability by locking down the resume path boot script. A list of BIOS update patches is included below for planning purposes and BIOS revisions are included (subject to change):

Dell System                               BIOS Update  Release Planned
Latitude 13 (3340)                        A06          Available
Latitude 6430U                            A10          August 2015
Latitude E5440/E5540                      A11          Available
Latitude E5530/E5430                      A16          August 2015
Latitude E6230/E6330/E6430S               A15          August 2015
Latitude E6530                            A17          August 2015
Latitude E6430                            A17          August 2015
Latitude E6440                            A10          Available
Latitude E6540                            A13          Available
Latitude E7240/E7440                      A14          Available
OptiPlex 3010                             A14          August 2015
OptiPlex 3011 AIO                         A07          Available
OptiPlex 3020                             A06          Available
OptiPlex 7010/9010                        A20          Available
OptiPlex 7020                             A03          Available
OptiPlex 9020                             A10          Available
OptiPlex 9010 AIO                         A17          Available
OptiPlex 9020 AIO                         A10          Available
Precision Mobile Workstation M4700        A14          August 2015
Precision Mobile Workstation M6700        A15          August 2015
Precision Workstation R7610               A09          Available
Precision Workstation T1650               A19          Available
Precision Workstation T1700               A15          Available
Precision Workstation T3610/T5610/T7610   A10          Available
Precision Workstation M6800/M4800         A13          Available
PowerEdge Server T20                      A06          Available
Venue 11 Pro (5130-32Bit)                 A10          Available
Venue 11 Pro (5130-64Bit)                 A03          Available
Venue 11 Pro (7130/7139)                  A14          Available

Dell recommends customers update to the latest BIOS by downloading the patched releases from http://support.dell.com.

Vendor References

http://support.dell.com

Addendum

There are no additional comments at this time.
