CVE-2015-0949
Last modified
CVE-2015-0949 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Latitude E6430 Firmware | a09 |
| Hp | Elitebook 850 G1 Firmware | 01.09 |
References
- http://www.kb.cert.org/vuls/id/631788Third Party Advisory, US Government Resource
- http://www.kb.cert.org/vuls/id/631788Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-0949?
How severe is CVE-2015-0949?
How do I fix CVE-2015-0949?
Are you affected by CVE-2015-0949?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST