SB2023120110 - Dell Client Platform update for INSYDE UEFI BIOS
Published: December 1, 2023
Security Bulletin ID
SB2023120110
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security features bypass (CVE-ID: CVE-2023-30633)
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists within the TrEEConfigDriver driver that can report false TPM PCR values. An attacker with physical access to device can write arbitrary values into Platform Configuration Register (PCR) banks and mask malicious activity on the device.
Remediation
Install update from vendor's website.