CVE-2015-0949
Summary
| CVE | CVE-2015-0949 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-30 21:15:00 UTC |
| Updated | 2020-02-06 15:10:00 UTC |
| Description | The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Dell | Latitude E6430 | - | All | All | All |
| Operating System | Dell | Latitude E6430 Firmware | a09 | All | All | All |
| Hardware | Hp | Elitebook 850 G1 | - | All | All | All |
| Operating System | Hp | Elitebook 850 G1 Firmware | 01.09 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#631788 - Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM | MISC | www.kb.cert.org | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.