CVE-2019-18579
published 2019-12-16CVE-2019-18579: Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable…
medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | cpg_bios | >= unspecified < 1.1.3 | 1.1.3 |
| dell | xps_7390_firmware | < 1.1.3 | 1.1.3 |