Use of hard-coded cryptographic key in Dell products - CVE-2024-39584
Published: August 28, 2024 / Updated: August 30, 2024
Vulnerability identifier: #VU96591
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39584
CWE-ID: CWE-321
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
Alienware Area 51m R2
Alienware Aurora R15 AMD
Alienware m15 R3
Alienware m15 R4
Alienware m17 R3
Alienware m17 R4
Alienware x14
Alienware x15 R1
Alienware x15 R2
Alienware x17 R1
Alienware x17 R2
Alienware Area 51m R2
Alienware Aurora R15 AMD
Alienware m15 R3
Alienware m15 R4
Alienware m17 R3
Alienware m17 R4
Alienware x14
Alienware x15 R1
Alienware x15 R2
Alienware x17 R1
Alienware x17 R2
Detailed vulnerability description
The vulnerability allows a local user to bypass Secure Boot.
The vulnerability exists due to usage of a hard-coded cryptographic key. A local user can bypass Secure Boot restrictions and escalate privileges on the system.
How to mitigate CVE-2024-39584
Install updates from vendor's website.