#VU54383 Buffer overflow in Hardware solutions


Published: 2021-06-25

Vulnerability identifier: #VU54383

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21572

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Alienware m15 R6
Hardware solutions / Firmware
ChengMing 3990
Hardware solutions / Firmware
ChengMing 3991
Hardware solutions / Firmware
Dell G15 5510
Hardware solutions / Firmware
Dell G15 5511
Hardware solutions / Firmware
Dell G3 3500
Hardware solutions / Firmware
Dell G5 5500
Hardware solutions / Firmware
Dell G7 7500
Hardware solutions / Firmware
Dell G7 7700
Hardware solutions / Firmware
Inspiron 15 7510
Hardware solutions / Firmware
Inspiron 3501
Hardware solutions / Firmware
Inspiron 3880
Hardware solutions / Firmware
Inspiron 3881
Hardware solutions / Firmware
Inspiron 3891
Hardware solutions / Firmware
Inspiron 5300
Hardware solutions / Firmware
Inspiron 5301
Hardware solutions / Firmware
Inspiron 5310
Hardware solutions / Firmware
Inspiron 5400 2n1
Hardware solutions / Firmware
Inspiron 5400 AIO
Hardware solutions / Firmware
Inspiron 5401
Hardware solutions / Firmware
Inspiron 5401 AIO
Hardware solutions / Firmware
Inspiron 5402
Hardware solutions / Firmware
Inspiron 5406 2n1
Hardware solutions / Firmware
Inspiron 5408
Hardware solutions / Firmware
Inspiron 5409
Hardware solutions / Firmware
Inspiron 5410 2-in-1
Hardware solutions / Firmware
Inspiron 5501
Hardware solutions / Firmware
Inspiron 5502
Hardware solutions / Firmware
Inspiron 5508
Hardware solutions / Firmware
Inspiron 5509
Hardware solutions / Firmware
Inspiron 7300
Hardware solutions / Firmware
Inspiron 7300 2n1
Hardware solutions / Firmware
Inspiron 7306 2n1
Hardware solutions / Firmware
Inspiron 7400
Hardware solutions / Firmware
Inspiron 7500
Hardware solutions / Firmware
Inspiron 7500 2n1 - Black
Hardware solutions / Firmware
Inspiron 7500 2n1 - Silver
Hardware solutions / Firmware
Inspiron 7501
Hardware solutions / Firmware
Inspiron 7506 2n1
Hardware solutions / Firmware
Inspiron 7610
Hardware solutions / Firmware
Inspiron 7700 AIO
Hardware solutions / Firmware
Inspiron 7706 2n1
Hardware solutions / Firmware
Latitude 3120
Hardware solutions / Firmware
Latitude 3320
Hardware solutions / Firmware
Latitude 3410
Hardware solutions / Firmware
Latitude 3420
Hardware solutions / Firmware
Latitude 3510
Hardware solutions / Firmware
Latitude 3520
Hardware solutions / Firmware
Latitude 5310
Hardware solutions / Firmware
Latitude 5310 2 in 1
Hardware solutions / Firmware
Latitude 5320
Hardware solutions / Firmware
Latitude 5320 2-in-1
Hardware solutions / Firmware
Latitude 5410
Hardware solutions / Firmware
Latitude 5411
Hardware solutions / Firmware
Latitude 5420
Hardware solutions / Firmware
Latitude 5510
Hardware solutions / Firmware
Latitude 5511
Hardware solutions / Firmware
Latitude 5520
Hardware solutions / Firmware
Latitude 7210 2-in-1
Hardware solutions / Firmware
Latitude 7310
Hardware solutions / Firmware
Latitude 7320
Hardware solutions / Firmware
Latitude 7410
Hardware solutions / Firmware
Latitude 7420
Hardware solutions / Firmware
Latitude 7520
Hardware solutions / Firmware
Latitude 9410
Hardware solutions / Firmware
Latitude 9420
Hardware solutions / Firmware
Latitude 9510
Hardware solutions / Firmware
Latitude 9520
Hardware solutions / Firmware
OptiPlex 3080
Hardware solutions / Firmware
OptiPlex 3090 UFF
Hardware solutions / Firmware
OptiPlex 3280 All-in-One
Hardware solutions / Firmware
OptiPlex 5080
Hardware solutions / Firmware
OptiPlex 5090 Tower
Hardware solutions / Firmware
OptiPlex 5490 AIO
Hardware solutions / Firmware
OptiPlex 7080
Hardware solutions / Firmware
OptiPlex 7090 Tower
Hardware solutions / Firmware
OptiPlex 7090 UFF
Hardware solutions / Firmware
OptiPlex 7480 All-in-One
Hardware solutions / Firmware
OptiPlex 7490 All-in-One
Hardware solutions / Firmware
OptiPlex 7780 All-in-One
Hardware solutions / Firmware
Precision 17 M5750
Hardware solutions / Firmware
Precision 3440
Hardware solutions / Firmware
Precision 3450
Hardware solutions / Firmware
Precision 3550
Hardware solutions / Firmware
Precision 3551
Hardware solutions / Firmware
Precision 3560
Hardware solutions / Firmware
Precision 3640
Hardware solutions / Firmware
Precision 3650 MT
Hardware solutions / Firmware
Precision 5550
Hardware solutions / Firmware
Precision 5560
Hardware solutions / Firmware
Precision 5760
Hardware solutions / Firmware
Precision 7550
Hardware solutions / Firmware
Precision 7560
Hardware solutions / Firmware
Precision 7750
Hardware solutions / Firmware
Precision 7760
Hardware solutions / Firmware
Vostro 15 7510
Hardware solutions / Firmware
Vostro 3400
Hardware solutions / Firmware
Vostro 3500
Hardware solutions / Firmware
Vostro 3501
Hardware solutions / Firmware
Vostro 3681
Hardware solutions / Firmware
Vostro 3690
Hardware solutions / Firmware
Vostro 3881
Hardware solutions / Firmware
Vostro 3888
Hardware solutions / Firmware
Vostro 3890
Hardware solutions / Firmware
Vostro 5300
Hardware solutions / Firmware
Vostro 5301
Hardware solutions / Firmware
Vostro 5310
Hardware solutions / Firmware
Vostro 5401
Hardware solutions / Firmware
Vostro 5402
Hardware solutions / Firmware
Vostro 5501
Hardware solutions / Firmware
Vostro 5502
Hardware solutions / Firmware
Vostro 5880
Hardware solutions / Firmware
Vostro 5890
Hardware solutions / Firmware
Vostro 7500
Hardware solutions / Firmware
XPS 13 9305
Hardware solutions / Firmware
XPS 13 2in1 9310
Hardware solutions / Firmware
XPS 13 9310
Hardware solutions / Firmware
XPS 15 9500
Hardware solutions / Firmware
XPS 15 9510
Hardware solutions / Firmware
XPS 17 9700
Hardware solutions / Firmware
XPS 17 9710
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within the Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation
Install updates from the vendor's website.

External links
http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

