CVE Vulnerabilities

CVE-2019-18579

Published: Dec 16, 2019 | Modified: Dec 30, 2019
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the Enable Thunderbolt (and PCIe behind TBT) pre-boot modules setting is enabled by default. A local unauthenticated attacker with physical access to a users system can obtain read or write access to main memory via a DMA attack during platform boot.

Affected Software

Name Vendor Start Version End Version
Xps_7390_firmware Dell * *

References