Dell Computer Corporation, Inc. Information for VU#577140

BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

Status

Affected

Vendor Statement

Some older Client Solutions (CS) commercial platforms are affected by the vulnerability described in VU#577140. Updated BIOS code has been developed to mitigate the vulnerability by addressing the configuration error during resume. Applicable BIOS update patches and revisions to address this vulnerability are listed below:

Dell SystemBIOS UpdateAvailability
Latitude E5420A14Available
Latitude E5520A14Available
Latitude E6220A13Available
Latitude E6320A19Available
Latitude E6420 / ATGA21Available
Latitude E6420 XFRA21Available
Latitude E6520A19Available
Latitude XT3A13Available
OptiPlex 390A11Available
OptiPlex 790A18Available
OptiPlex 990A18Available
Precision Mobile Workstation M4600A16Available
Precision Mobile Workstation M6600A15Available
Precision Workstation T1600A16Available
Precision Workstation T7600A10Available
Precision Workstation T5600A12Available
Precision Workstation T5600 XLA12Available
Precision Workstation T3600A12Available
Latitude E4310A14Available
Latitude E5410A16Available
Latitude E5510A16Available
Latitude E6410 / ATGA16Available
Latitude E6510A16Available
Precision Mobile Workstation M4500A15Available

Dell recommends customers update to the latest BIOS by downloading the patched releases from http://support.dell.com.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://support.dell.com

Addendum

CVE-2015-2890. Note that the researchers first notified Dell of this vulnerability on 8/15/2013.

If you have feedback, comments, or additional information about this vulnerability, please send us email.