Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-39584 |
CWE-ID | CWE-321 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Alienware Area 51m R2 Hardware solutions / Firmware Alienware Aurora R15 AMD Hardware solutions / Firmware Alienware m15 R3 Hardware solutions / Firmware Alienware m15 R4 Hardware solutions / Firmware Alienware m17 R3 Hardware solutions / Firmware Alienware m17 R4 Hardware solutions / Firmware Alienware x14 Hardware solutions / Firmware Alienware x15 R1 Hardware solutions / Firmware Alienware x15 R2 Hardware solutions / Firmware Alienware x17 R1 Hardware solutions / Firmware Alienware x17 R2 Hardware solutions / Firmware |
Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96591
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39584
CWE-ID:
CWE-321 - Use of Hard-coded Cryptographic Key
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass Secure Boot.
The vulnerability exists due to usage of a hard-coded cryptographic key. A local user can bypass Secure Boot restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsAlienware Area 51m R2: before 1.29.0
Alienware Aurora R15 AMD: before 1.15.0
Alienware m15 R3: before 1.29.0
Alienware m15 R4: before 1.24.0
Alienware m17 R3: before 1.29.0
Alienware m17 R4: before 1.24.0
Alienware x14: before 1.21.0
Alienware x15 R1: before 1.24.0
Alienware x15 R2: before 1.22.0
Alienware x17 R1: before 1.24.0
Alienware x17 R2: before 1.22.0
CPE2.3http://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354
http://www.dell.com/support/kbdoc/nl-nl/000227594/dsa-2024-354-security-update-for-a-dell-client-platform-bios-for-a-use-of-default-cryptographic-key-vulnerability
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.