CVE-2021-21574: Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially…

high7.5CVSS 3.1

AVLACHPRHUINSCCHIHAH

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Affected

129 ranges· showing 25

Vendor	Product	Version range	Fixed in
dell	alienware_m15_r6_firmware	< 1.3.3	1.3.3
dell	biosconnect	>= unspecified < Gen 11, Gen 10	Gen 11, Gen 10
dell	chengming_3990_firmware	< 1.4.1	1.4.1
dell	chengming_3991_firmware	< 1.4.1	1.4.1
dell	g15_5510_firmware	< 1.4.0	1.4.0
dell	g15_5511_firmware	< 1.3.3	1.3.3
dell	g3_3500_firmware	<= 1.9.0	—
dell	g5_5500_firmware	< 1.9.0	1.9.0
dell	g7_7500_firmware	< 1.9.0	1.9.0
dell	g7_7700_firmware	< 1.9.0	1.9.0
dell	inspiron_14_5418_firmware	< 2.1.0_a06	2.1.0_a06
dell	inspiron_15_5518_firmware	< 2.1.0_a06	2.1.0_a06
dell	inspiron_15_7510_firmware	< 1.0.4	1.0.4
dell	inspiron_3501_firmware	< 1.6.0	1.6.0
dell	inspiron_3880_firmware	< 1.4.1	1.4.1
dell	inspiron_3881_firmware	< 1.4.1	1.4.1
dell	inspiron_3891_firmware	< 1.0.11	1.0.11
dell	inspiron_5300_firmware	< 1.7.1	1.7.1
dell	inspiron_5301_firmware	< 1.8.1	1.8.1
dell	inspiron_5310_firmware	< 2.1.0	2.1.0
dell	inspiron_5400_2-in-1_firmware	< 1.7.0	1.7.0
dell	inspiron_5400_aio_firmware	< 1.4.0	1.4.0
dell	inspiron_5401_aio_firmware	< 1.4.0	1.4.0
dell	inspiron_5401_firmware	< 1.7.2	1.7.2
dell	inspiron_5402_firmware	< 1.5.1	1.5.1