CVE-2019-18579 — Dell CPG Bios vulnerability

CWE-163 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 54.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell XPS 7390 Firmware

Timeline

PublishedDec 16

Latest updateMay 24

Description

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/cpg_biosunspecified — 1.1.3

▶NVDdell/xps_7390_firmware< 1.1.3

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-3fj2-qcp9-8293: Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1↗2022-05-24

▶

CVEList

CVE-2019-18579: Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1↗2019-12-16

▶