QID 376132

Date Published: 2022-01-06

QID 376132: Dell Client Security Update for Multiple Vulnerabilities (DSA-2021-216)

Dell Client Consumer and Commercial platform remediation is available for these vulnerabilities that may be exploited by malicious users to compromise the affected system

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Successful exploitation allows attacker to execute arbitratry code.

CVSS V3 rated as High - 6.7 severity.

CVSS V2 rated as High - 7.2 severity.

Solution

Customers are advised to update the BIOS to latest version. Refer to DSA-2021-216 for more information.

Vendor References

DSA-2021-216 - www.dell.com/support/kbdoc/en-ie/000192967/dsa-2021-216-dell-client-platform-security

CVEs related to QID 376132

CVE-2021-36323 | CVE-2021-36234 | CVE-2021-36325 |

Software Advisories

Advisory ID	Software	Component	Link
DSA-2021-216			www.dell.com/support/kbdoc/en-ie/000192967/dsa-2021-216-dell-client-platform-security

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].