Secure Boot bypass in Dell Client Platform BIOS



Published: 2024-08-28 | Updated: 2024-08-30
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-39584
CWE-ID CWE-321
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Alienware Area 51m R2
Hardware solutions / Firmware

Alienware Aurora R15 AMD
Hardware solutions / Firmware

Alienware m15 R3
Hardware solutions / Firmware

Alienware m15 R4
Hardware solutions / Firmware

Alienware m17 R3
Hardware solutions / Firmware

Alienware m17 R4
Hardware solutions / Firmware

Alienware x14
Hardware solutions / Firmware

Alienware x15 R1
Hardware solutions / Firmware

Alienware x15 R2
Hardware solutions / Firmware

Alienware x17 R1
Hardware solutions / Firmware

Alienware x17 R2
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of hard-coded cryptographic key

EUVDB-ID: #VU96591

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39584

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a local user to bypass Secure Boot.

The vulnerability exists due to usage of a hard-coded cryptographic key. A local user can bypass Secure Boot restrictions and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware Area 51m R2: before 1.29.0

Alienware Aurora R15 AMD: before 1.15.0

Alienware m15 R3: before 1.29.0

Alienware m15 R4: before 1.24.0

Alienware m17 R3: before 1.29.0

Alienware m17 R4: before 1.24.0

Alienware x14: before 1.21.0

Alienware x15 R1: before 1.24.0

Alienware x15 R2: before 1.22.0

Alienware x17 R1: before 1.24.0

Alienware x17 R2: before 1.22.0

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354
http://www.dell.com/support/kbdoc/nl-nl/000227594/dsa-2024-354-security-update-for-a-dell-client-platform-bios-for-a-use-of-default-cryptographic-key-vulnerability


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###