Dell Client BIOS update for Tianocore EDK2
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 |
| CWE-ID | CWE-125 CWE-119 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
XPS 9315 2-in-1 Hardware solutions / Firmware XPS 8960 Hardware solutions / Firmware XPS 15 9510 Hardware solutions / Firmware XPS 13 9305 Hardware solutions / Firmware Vostro 5620 Hardware solutions / Firmware Vostro 16 5630 Hardware solutions / Firmware Vostro 15 3530 Hardware solutions / Firmware Vostro 14 3430 Hardware solutions / Firmware Precision 5560 Hardware solutions / Firmware Latitude 9420 Hardware solutions / Firmware Latitude 7330 Rugged Laptop Hardware solutions / Firmware Latitude 5430 Rugged Laptop Hardware solutions / Firmware Inspiron 5620 Hardware solutions / Firmware Inspiron 5420 Hardware solutions / Firmware Inspiron 3881 Hardware solutions / Firmware Inspiron 3880 Hardware solutions / Firmware Inspiron 24 5415 All-in-One Hardware solutions / Firmware Inspiron 16 7630 2-in-1 Hardware solutions / Firmware Inspiron 16 5630 Hardware solutions / Firmware Inspiron 15 3530 Hardware solutions / Firmware Inspiron 14 7430 2-in-1 Hardware solutions / Firmware Inspiron 14 5430 Hardware solutions / Firmware Dell G15 5511 Hardware solutions / Firmware Alienware x17 R1 Hardware solutions / Firmware Alienware x15 R1 Hardware solutions / Firmware Alienware m18 R1 Hardware solutions / Firmware Alienware m16 R1 Hardware solutions / Firmware Alienware m15 R6 Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU85519
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45229
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. A remote attacker on the local network can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU85520
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45230
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within a long server ID option in DHCPv6 client. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU85521
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45231
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing Neighbor Discovery Redirect message. A remote attacker on the local network can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU85522
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45232
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing unknown options in the Destination Options header of IPv6. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU85523
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45233
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing a PadN option in the Destination Options header of IPv6. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU85525
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45234
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing DNS Servers option from a DHCPv6 Advertise message. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU85526
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45235
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling Server ID option from a DHCPv6 proxy Advertise message. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsXPS 9315 2-in-1: before 1.13.0
XPS 8960: before 2.3.0
XPS 15 9510: before 1.26.0
XPS 13 9305: before 1.19.0
Vostro 5620: before 1.19.0
Vostro 16 5630: before 1.11.0
Vostro 15 3530: before 1.8.0
Vostro 14 3430: before 1.8.0
Precision 5560: before 1.26.0
Latitude 9420: before 1.27.0
Latitude 7330 Rugged Laptop: before 1.24.0
Latitude 5430 Rugged Laptop: before 1.24.0
Inspiron 5620: before 1.19.0
Inspiron 5420: before 1.19.0
Inspiron 3881: before 1.24.1
Inspiron 3880: before 1.24.1
Inspiron 24 5415 All-in-One: before 1.17.0
Inspiron 16 7630 2-in-1: before 1.11.0
Inspiron 16 5630: before 1.11.0
Inspiron 15 3530: before 1.8.0
Inspiron 14 7430 2-in-1: before 1.11.0
Inspiron 14 5430: before 1.11.0
Dell G15 5511: before 1.26.0
Alienware x17 R1: before 1.21.0
Alienware x15 R1: before 1.21.0
Alienware m18 R1: before 1.14.1
Alienware m16 R1: before 1.14.1
Alienware m15 R6: before 1.27.0
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217986/dsa-2023-344
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
