Dell BIOS in some older Latitude laptops and Precision Mobile Workstations is vulnerable to buffer overflows (CWE-119) that can be used to bypass signed BIOS update enforcement.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Dell BIOS in some older Latitude laptops and Precision Mobile Workstations is vulnerable to buffer overflows triggered through the rbu_packet.pktNum and rbu_packet.pktSize fields of a BIOS update packet. An attacker supplying an illegitimate BIOS update controls these values. The BIOS uses them to reconstruct the BIOS image in memory before any signature check occurs, so insufficiently bounded packet number and size values let the attacker write outside the intended buffer while the update is still untrusted.
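The reconstruction step is where the bug lives: the firmware computes a destination from two header fields it has not yet authenticated. The C below is an added illustration, not Dell's code; the rbu_packet layout, the IMAGE_MAX staging-buffer size and the packet stream are assumptions, with only the field names pktNum and pktSize taken from the advisory. It puts the vulnerable copy next to a bounds-checked one that also guards against the pktNum * pktSize multiplication wrapping, which a naive "end <= IMAGE_MAX" check misses. The signature verification that follows reassembly is out of scope here; the point is that the bounds check must happen before any byte is copied, because the signature check runs too late to help.

```c
#include <assert.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Staging buffer for the BIOS image reassembled from update packets.
 * Size is an assumption for illustration, not Dell's real buffer. */
#define IMAGE_MAX 4096u
static uint8_t image[IMAGE_MAX];

/* Attacker-controlled packet header. Only the field names pktNum and
 * pktSize come from the advisory; this layout is hypothetical. */
typedef struct {
    uint32_t pktNum;        /* position of this packet in the image */
    uint32_t pktSize;       /* payload bytes, also used as the stride */
    const uint8_t *payload; /* pktSize bytes of update data */
} rbu_packet;

/* Vulnerable pattern (CWE-119): the destination comes straight from the
 * untrusted header, and the copy happens before any signature check.
 * Shown for contrast only; never call this with untrusted input. */
static void reassemble_vulnerable(const rbu_packet *p) {
    size_t off = (size_t)p->pktNum * p->pktSize;
    memcpy(image + off, p->payload, p->pktSize); /* may write past image[] */
}

/* One past the last byte reassemble_vulnerable() would write, computed in
 * 32-bit arithmetic as 32-bit firmware would. A result above IMAGE_MAX is
 * an out-of-bounds write; a result that wrapped to a small value is one
 * that a naive "end <= IMAGE_MAX" check would wave through. */
uint32_t vulnerable_write_end(uint32_t pktNum, uint32_t pktSize) {
    return pktNum * pktSize + pktSize;
}

/* Hardened check: the packet is accepted only if [off, off + pktSize)
 * lies inside image[] and the multiplication cannot overflow.
 * Returns the offset, or -1 if the packet must be rejected. */
long packet_offset_checked(uint32_t pktNum, uint32_t pktSize) {
    if (pktSize == 0 || pktSize > IMAGE_MAX)
        return -1;
    /* Equivalent to pktNum * pktSize + pktSize <= IMAGE_MAX, evaluated
     * by division so the product itself is never formed unchecked. */
    if (pktNum > (IMAGE_MAX - pktSize) / pktSize)
        return -1;
    return (long)pktNum * pktSize;
}

/* Copies one packet into image[] only after the bounds check passes. */
int reassemble_checked(const rbu_packet *p) {
    long off = packet_offset_checked(p->pktNum, p->pktSize);
    if (off < 0)
        return -1;
    memcpy(image + off, p->payload, p->pktSize);
    return 0;
}

/* Validates every header first, then copies. A single bad packet rejects
 * the whole update rather than leaving a partially written image behind.
 * Returns the number of packets applied, or -1 if the stream was rejected. */
int apply_stream(const rbu_packet *pkts, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (packet_offset_checked(pkts[i].pktNum, pkts[i].pktSize) < 0)
            return -1;
    for (size_t i = 0; i < n; i++)
        reassemble_checked(&pkts[i]);
    return (int)n;
}

/* Constructed sample streams (not captured data). */
static const uint8_t sample_payload[16] = { 0xAA };

int demo_good_stream(void) {
    rbu_packet pkts[2] = { { 0, 16, sample_payload }, { 1, 16, sample_payload } };
    return apply_stream(pkts, 2);
}

int demo_bad_stream(void) {
    /* pktNum 300 * 16 = 4800 lands past the 4096-byte buffer */
    rbu_packet pkts[2] = { { 0, 16, sample_payload }, { 300, 16, sample_payload } };
    return apply_stream(pkts, 2);
}

int main(void) {
    printf("vulnerable end for pktNum=4, pktSize=1024: %u (IMAGE_MAX %u)\n",
           vulnerable_write_end(4, 1024), IMAGE_MAX);
    printf("vulnerable end for pktNum=0x40000000, pktSize=4 wraps to: %u\n",
           vulnerable_write_end(0x40000000u, 4));
    printf("checked offset for pktNum=0x40000000, pktSize=4: %ld\n",
           packet_offset_checked(0x40000000u, 4));
    printf("good stream -> %d, bad stream -> %d\n",
           demo_good_stream(), demo_bad_stream());
    return 0;
}
```

The wrapped case is the one worth remembering: with pktNum = 0x40000000 and pktSize = 4 the 32-bit product is 0, so the vulnerable arithmetic reports an end of 4 bytes while the real destination is 4 GiB past the buffer. Checking the header by division, as packet_offset_checked() does, rejects it without ever forming the product.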
By convincing a user with root or administrative privileges to run a malicious BIOS update, an attacker can bypass signed BIOS enforcement and install an arbitrary BIOS image. Such an image could contain a rootkit or other malicious code that persists across operating system re-installations and official BIOS updates.
Apply an Update
Thanks to Corey Kallenberg, John Butterworth, and Xeno Kovah of the MITRE Corporation for reporting this vulnerability. Thanks also to Rick Martinez from Dell.
This document was written by Adam Rauf.
Date First Published: 2013-08-15
Date Last Updated: 2013-08-22 18:39 UTC