CVE-2020-5348 — Use After Free in Dell CPG Bios

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGHNVD

CNA6.8

EPSS

0.1%

top 69.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Latitude 7202 Firmware

Timeline

PublishedApr 4

Latest updateMay 24

Description

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdell/latitude_7202_firmware< a28

▶CVEListV5dell/cpg_biosunspecified — A28

🔴Vulnerability Details

GHSA

GHSA-4m8x-97cg-mq8w: Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode↗2022-05-24

▶

CVEList

CVE-2020-5348: Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode↗2020-04-03

▶