1.0.9

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

dell

NVD

Published: 2019-12-16

Updated: 2019-12-30

Summary

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell XPS 7390 Firmware - Dell XPS 7390 Firmware 1.0.6 Dell XPS 7390 Firmware 1.0.9 Dell XPS 7390 Firmware 1.0.13	4
Hardware	Dell Dell XPS 7390 -	1

References

https://www.dell.com/support/article/SLN319808