1.0.9

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

dell

NVD

Published: 2019-12-16

Updated: 2019-12-30

Summary

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell XPS 7390 Firmware - Dell XPS 7390 Firmware 1.0.6 Dell XPS 7390 Firmware 1.0.9 Dell XPS 7390 Firmware 1.0.13	4
Hardware	Dell Dell XPS 7390 -	1

References

https://www.dell.com/support/article/SLN319808