Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36325: DSA-2021-216: Dell Client Security Update for Multiple Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE
Open in Source
#vulnerability#ios

Vaikutus

High

Tiedot

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36323
CVE-2021-36234
CVE-2021-36325

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36323
CVE-2021-36234
CVE-2021-36325

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

See the table below for Dell Client BIOS releases containing a resolution to this vulnerability. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

See the table below for Dell Client BIOS releases containing a resolution to this vulnerability. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Kiitokset

Dell Technologies would like to thank JiaWei Yin (yngweijw) for reporting these issues.

Versiohistoria

Revision

Date

Description

1.0

11/1/21

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Lisätietoja

See the table below for Dell Client BIOS releases containing a resolution to this vulnerability. Dell recommends all customers update at the earliest opportunity. Dell Client Consumer and Commercial Platforms Affected.

The following is a list of impacted products and release dates:

Product

BIOS Update Version

BIOS Release Date
(MM/DD/YYYY)
Expected Release Date
(Month YYYY)

Alienware 13 R3

1.13.0

10/05/2021

Alienware 15 R3

1.13.0

10/05/2021

Alienware 15 R4

1.14.0

10/05/2021

Alienware 17 R4

1.13.0

10/05/2021

Alienware 17 R5

1.14.0

10/05/2021

Alienware Area 51m R1

1.15.1

10/05/2021

Alienware Area 51m R2

1.10.0

10/05/2021

Alienware Aurora R11

1.0.9

10/07/2021

Alienware Aurora R12

1.1.7

10/12/2021

Alienware Aurora R7

1.0.25

10/07/2021

Alienware Aurora R8

1.0.17

10/07/2021

Alienware Aurora R9

1.0.14

10/07/2021

Alienware Aurora Ryzen Edition

2.2.4

December 2021

Alienware m15 R1

2.9.0

10/05/2021

Alienware m15 R2

1.9.0

10/05/2021

Alienware m15 R3

1.11.0

10/05/2021

Alienware m17 R1

2.9.0

10/05/2021

Alienware m17 R2

1.9.0

10/05/2021

Alienware m17 R3

1.11.0

10/05/2021

Alienware x15 R1

1.4.0

10/04/2021

Alienware x17 R1

1.4.0

10/04/2021

ChengMing 3977

1.13.0

08/26/2021

ChengMing 3980

2.19.0

08/30/2021

ChengMing 3988

1.7.0

08/27/2021

ChengMing 3990

1.5.1

08/27/2021

ChengMing 3991

1.5.1

08/27/2021

Dell G3 3579

1.17.0

10/05/2021

Dell G3 3590

1.14.0

08/30/2021

Dell G3 3779

1.17.0

10/05/2021

Dell G5 5000

1.3.0

08/27/2021

Dell G5 5090

1.9.0

08/24/2021

Dell G5 5587

1.17.0

10/01/2021

Dell G5 5590

1.16.0

08/30/2021

Dell G7 7587

1.17.0

10/01/2021

Dell G7 7588

1.17.0

10/01/2021

Dell G7 7590

1.16.0

08/30/2021

Dell G7 7790

1.16.0

08/30/2021

Embedded Box PC 5000

1.11.0

09/17/2021

Inspiron 13 5378 2-in-1

1.34.0

09/24/2021

Inspiron 13 5379 2-in-1

1.17.0

09/22/2021

Inspiron 14 3467

2.16.0

09/22/2021

Inspiron 14 5468

1.15.0

10/04/2021

Inspiron 15 3567

2.16.0

09/22/2021

Inspiron 15 5566

1.15.0

10/04/2021

Inspiron 15 5578 2-in-1

1.34.0

09/24/2021

Inspiron 15 5579 2-in-1

1.17.0

09/22/2021

Inspiron 15 5582 2-in-1

2.11.0

08/30/2021

Inspiron 15 7570

1.20.0

09/22/2021

Inspiron 15 7572

1.8.0

10/02/2021

Inspiron 15 7573 2-in-1

1.20.0

09/22/2021

Inspiron 15 Gaming 7577

1.14.0

10/01/2021

Inspiron 17 7773 2-in-1

1.17.0

09/22/2021

Inspiron 3268

1.17.1

08/30/2021

Inspiron 3277 AIO

1.16.0

09/29/2021

Inspiron 3280

1.12.0

09/29/2021

Inspiron 3470

2.19.0

08/29/2021

Inspiron 3471

1.7.0

08/27/2021

Inspiron 3476

1.14.0

09/22/2021

Inspiron 3477 AIO

1.16.0

09/29/2021

Inspiron 3480

1.15.0

10/04/2021

Inspiron 3480 AIO

1.12.0

09/29/2021

Inspiron 3481

1.14.0

10/04/2021

Inspiron 3576

1.14.0

09/22/2021

Inspiron 3580

1.15.0

10/04/2021

Inspiron 3580

1.15.0

10/04/2021

Inspiron 3581

1.14.0

10/04/2021

Inspiron 3581

1.14.0

10/04/2021

Inspiron 3668

1.17.1

08/30/2021

Inspiron 3670

2.19.0

08/30/2021

Inspiron 3671

1.7.0

08/27/2021

Inspiron 3780

1.15.0

10/04/2021

Inspiron 3781

1.14.0

10/04/2021

Inspiron 3880

1.5.1

08/27/2021

Inspiron 3881

1.5.1

08/27/2021

Inspiron 5370

1.19.0

08/25/2021

Inspiron 5400 AIO

1.5.2

08/17/2021

Inspiron 5401 AIO

1.5.2

08/17/2021

Inspiron 5477 AIO

1.2.15

10/04/2021

Inspiron 5480

2.11.0

08/30/2021

Inspiron 5481 2-in-1

2.11.0

08/30/2021

Inspiron 5482

2.11.0

08/30/2021

Inspiron 5490 AIO

1.10.0

08/12/2021

Inspiron 5570

1.6.0

10/04/2021

Inspiron 5580

2.11.0

08/30/2021

Inspiron 5680

2.7.0

08/30/2021

Inspiron 5770

1.6.0

10/04/2021

Inspiron 7370

1.20.0

09/22/2021

Inspiron 7373 2-in-1

1.20.0

09/22/2021

Inspiron 7380

1.14.0

09/22/2021

Inspiron 7386

1.11.0

09/24/2021

Inspiron 7467

1.15.0

10/01/2021

Inspiron 7472

1.8.0

10/02/2021

Inspiron 7567

1.15.0

10/01/2021

Inspiron 7580

1.14.0

09/22/2021

Inspiron 7586

1.11.0

09/24/2021

Inspiron 7590

1.11.0

08/26/2021

Inspiron 7591

1.11.0

08/26/2021

Inspiron 7700 AIO

1.5.2

08/17/2021

Inspiron 7700 AIO

1.5.2

08/17/2021

Inspiron 7777 AIO

1.2.15

10/04/2021

Inspiron 7786

1.11.0

09/24/2021

Inspiron 7790

1.10.0

08/12/2021

Inspiron 5491 AIO

1.10.0

08/12/2021

Latitude 3180

1.15.0

10/05/2021

Latitude 3189

1.15.0

10/05/2021

Latitude 3190

1.16.0

09/28/2021

Latitude 3190 2-In-1

1.16.0

09/28/2021

Latitude 3300

1.12.0

09/23/2021

Latitude 3310

1.11.1

09/01/2021

Latitude 3379

1.0.31

09/23/2021

Latitude 3380

1.15.0

09/23/2021

Latitude 3390

1.16.0

09/24/2021

Latitude 3470

1.21.0

09/23/2021

Latitude 3480

1.17.0

09/22/2021

Latitude 3490

1.16.0

10/04/2021

Latitude 3551

1.7.1

09/01/2021

Latitude 3570

1.21.0

09/23/2021

Latitude 3580

1.17.0

09/22/2021

Latitude 3590

1.16.0

10/04/2021

Latitude 5175

1.11.0

10/04/2021

Latitude 5179

1.11.0

10/04/2021

Latitude 5280

1.21.0

10/05/2021

Latitude 5285 2-in-1

1.14.0

09/27/2021

Latitude 5288

1.21.0

10/05/2021

Latitude 5289 2-in-1

1.24.0

10/04/2021

Latitude 5290

1.18.0

10/04/2021

Latitude 5290 2-in-1

1.17.0

10/05/2021

Latitude 5300

1.17.1

09/01/2021

Latitude 5300 2-in-1

1.17.1

09/01/2021

Latitude 5310

1.8.0

09/29/2021

Latitude 5310 2 in 1

1.8.0

09/29/2021

Latitude 5400

1.12.0

09/13/2021

Latitude 5401

1.14.0

09/01/2021

Latitude 5410

1.7.0

09/02/2021

Latitude 5411

1.7.1

09/01/2021

Latitude 5411

1.7.1

09/01/2021

Latitude 5480

1.21.0

10/05/2021

Latitude 5488

1.21.0

10/05/2021

Latitude 5490

1.18.0

10/04/2021

Latitude 5491

1.16.0

10/04/2021

Latitude 5500

1.12.0

09/13/2021

Latitude 5501

1.14.0

09/01/2021

Latitude 5510

1.7.0

09/02/2021

Latitude 5511

1.7.1

09/01/2021

Latitude 5511

1.7.1

09/01/2021

Latitude 5580

1.21.0

10/05/2021

Latitude 5590

1.18.0

10/04/2021

Latitude 5591

1.16.0

10/04/2021

Latitude 7200 2-In-1

1.14.0

09/06/2021

Latitude 7210 2-in-1

1.8.1

09/01/2021

Latitude 7275 2-in-1

1.11.0

10/04/2021

Latitude 7280

1.22.0

10/04/2021

Latitude 7285

1.12.0

09/27/2021

Latitude 7290

1.21.0

09/17/2021

Latitude 7300

1.14.0

09/02/2021

Latitude 7310

1.8.0

09/06/2021

Latitude 7370

1.25.4

09/29/2021

Latitude 7380

1.22.0

10/04/2021

Latitude 7389 2-in-1

1.24.0

10/04/2021

Latitude 7390

1.21.0

09/17/2021

Latitude 7390 2-in-1

1.20.0

09/24/2021

Latitude 7400

1.14.0

09/02/2021

Latitude 7400 2-In-1

1.13.2

09/06/2021

Latitude 7410

1.8.0

09/06/2021

Latitude 7480

1.22.0

10/04/2021

Latitude 7490

1.21.0

09/17/2021

Latitude 9410

1.8.0

09/02/2021

Latitude 9510

1.7.1

08/29/2021

Latitude E5270

1.27.3

10/14/2021

Latitude E5470

1.27.3

10/14/2021

Latitude E5570

1.27.3

10/14/2021

Latitude E7270

1.30.3

09/24/2021

Latitude E7470

1.30.3

09/24/2021

Latitude Rugged 5414

1.30.0

08/30/2021

Latitude Rugged 5420

1.14.1

08/31/2021

Latitude Rugged 5424

1.14.1

08/31/2021

Latitude Rugged 7220

1.14.0

08/31/2021

Latitude Rugged 7220EX

1.14.0

08/31/2021

Latitude Rugged 7424

1.14.1

08/31/2021

Latitude Rugged Extreme 7214

1.30.0

08/30/2021

Latitude Rugged Extreme 7414

1.30.0

08/30/2021

Latitude Rugged Tablet 7212

1.34.0

08/31/2021

OptiPlex 3040

1.16.1

08/27/2021

OptiPlex 3046

1.13.0

08/27/2021

OptiPlex 3050

1.17.0

08/24/2021

OptiPlex 3050 AIO

1.18.0

08/16/2021

OptiPlex 3060

1.14.0

08/27/2021

OptiPlex 3070

1.9.1

08/26/2021

OptiPlex 3080

2.2.1

08/27/2021

OptiPlex 3240 All-in-One

1.13.0

08/24/2021

OptiPlex 3280 All-in-One

1.8.1

08/27/2021

OptiPlex 5040

1.19.0

08/27/2021

OptiPlex 5050

1.17.0

08/24/2021

OptiPlex 5060

1.14.0

08/27/2021

OptiPlex 5070

1.9.1

08/26/2021

OptiPlex 5080

1.5.1

08/27/2021

OptiPlex 5250

1.18.0

08/16/2021

OptiPlex 5260 All In One

1.15.0

08/26/2021

OptiPlex 5270 All-in-One

1.10.0

08/26/2021

OptiPlex 5480 All-in-One

1.8.0

08/20/2021

OptiPlex 7040

1.20.2

09/01/2021

OptiPlex 7050

1.17.1

08/29/2021

OptiPlex 7060

1.14.0

08/27/2021

OptiPlex 7070

1.9.1

08/26/2021

OptiPlex 7070 UFF

1.9.0

08/25/2021

OptiPlex 7071

1.9.1

08/27/2021

OptiPlex 7080

1.5.1

08/27/2021

OptiPlex 7440 AIO

1.16.0

08/24/2021

OptiPlex 7450

1.18.0

08/16/2021

OptiPlex 7460 All In One

1.15.0

08/26/2021

OptiPlex 7470 All-in-One

1.10.0

08/26/2021

OptiPlex 7480 All-in-One

1.8.0

08/20/2021

OptiPlex 7760 AIO

1.15.0

08/26/2021

OptiPlex 7770 All-in-One

1.10.0

08/26/2021

OptiPlex 7780 All-in-One

1.8.0

08/20/2021

OptiPlex XE3

1.14.0

08/27/2021

Precision 3240 CFF

1.7.1

09/02/2021

Precision 3420 Tower

2.18.1

08/27/2021

Precision 3430 Tower

1.14.0

08/27/2021

Precision 3431 Tower

1.9.1

08/27/2021

Precision 3440

1.5.1

08/27/2021

Precision 3510

1.27.3

10/14/2021

Precision 3520

1.21.0

10/05/2021

Precision 3530

1.16.0

10/04/2021

Precision 3540

1.12.0

09/13/2021

Precision 3541

1.14.0

09/01/2021

Precision 3550

1.7.0

09/02/2021

Precision 3620 Tower

2.18.1

08/27/2021

Precision 3630 Tower

2.10.0

09/01/2021

Precision 3640

1.8.0

09/02/2021

Precision 3930 Rack

2.12.0

09/01/2021

Precision 5510

1.18.0

09/24/2021

Precision 5520

1.24.0

09/24/2021

Precision 5530

1.21.0

09/29/2021

Precision 5530 2-In-1

1.15.8

09/29/2021

Precision 5540

1.13.0

09/03/2021

Precision 5720 AIO

2.11.0

08/31/2021

Precision 5820 Tower

2.10.0

08/30/2021

Precision 5820 Tower

2.10.0

08/30/2021

Precision 7510

1.23.3

10/04/2021

Precision 7520

1.21.0

10/04/2021

Precision 7530

1.17.0

10/04/2021

Precision 7540

1.14.0

09/01/2021

Precision 7550

1.9.1

08/31/2021

Precision 7710

1.23.3

10/04/2021

Precision 7720

1.21.0

10/04/2021

Precision 7730

1.17.0

10/04/2021

Precision 7740

1.14.0

09/01/2021

Precision 7750

1.9.1

08/31/2021

Precision 7820 Tower

2.14.0

08/30/2021

Precision 7920 Tower

2.14.0

08/30/2021

Vostro 14 3468

3.9.0

09/22/2021

Vostro 14 3478

1.14.0

09/22/2021

Vostro 14 5468

1.16.0

10/02/2021

Vostro 15 3568

3.9.0

09/22/2021

Vostro 15 3578

1.14.0

09/22/2021

Vostro 15 5568

1.16.0

10/02/2021

Vostro 15 7570

1.14.0

10/01/2021

Vostro 15 7580

1.17.0

10/01/2021

Vostro 3070

2.19.0

08/27/2021

Vostro 3267

1.17.1

08/30/2021

Vostro 3268

1.17.1

08/30/2021

Vostro 3470

2.19.0

08/29/2021

Vostro 3471

1.7.0

08/27/2021

Vostro 3480

1.15.0

10/04/2021

Vostro 3481

1.14.0

10/04/2021

Vostro 3580

1.15.0

10/04/2021

Vostro 3581

1.14.0

10/04/2021

Vostro 3583

1.15.0

10/04/2021

Vostro 3584

1.14.0

10/04/2021

Vostro 3660

1.17.1

08/30/2021

Vostro 3667

1.17.1

08/30/2021

Vostro 3668

1.17.1

08/30/2021

Vostro 3669

1.17.1

08/30/2021

Vostro 3670

2.19.0

08/27/2021

Vostro 3671

1.7.0

08/27/2021

Vostro 3681

2.5.1

08/27/2021

Vostro 3881

2.5.1

08/27/2021

Vostro 3888

2.5.1

08/27/2021

Vostro 5090

1.9.1

08/26/2021

Vostro 5370

1.19.0

08/25/2021

Vostro 5471

1.19.0

08/25/2021

Vostro 5481

2.11.0

08/30/2021

Vostro 5581

2.11.0

08/30/2021

Vostro 5880

1.5.1

08/27/2021

Vostro 7590

1.11.0

08/26/2021

Wyse 5070

1.12.0

08/27/2021

Wyse 5470

1.9.0

08/27/2021

Wyse 5470 All-In-One

1.9.0

08/27/2021

Wyse 7040 Thin Client

1.12.0

08/27/2021

XPS 13 9360

2.17.0

10/04/2021

XPS 13 9360

2.17.0

10/04/2021

XPS 13 9370

1.16.0

09/24/2021

XPS 13 9380

1.15.0

09/03/2021

XPS 15 7590

1.21.0

09/29/2021

XPS 15 9560

1.24.0

09/24/2021

XPS 15 9575 2-in-1

1.17.0

10/04/2021

XPS 27 7760 AIO

2.11.0

08/31/2021

XPS 7590

1.13.0

09/02/2021

XPS 8930

1.1.18

10/07/2021

XPS 8940

2.1.3

08/27/2021

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan “sellaisenaan” ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE