CVE-2015-2890

Published: Aug 1, 2015Modified: May 6, 2026

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability: 0.8 / Impact: 5.2

Source: NVD

Description

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Affected (9)

Products: Dell: Bios

Dell

1 product

Bios

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a20

Running on/with	Platform Versions
Dell Latitude E6420 Atg	All versions
Dell Latitude E6420 Xfr	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a12

Running on/with	Platform Versions
Dell Latitude E6220	All versions
Dell Latitude Xt3	All versions

Configuration C

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a15

Running on/with	Platform Versions
Dell Latitude E5410	All versions
Dell Latitude E5510	All versions
Dell Latitude E6410 Atg	All versions
Dell Latitude E6510	All versions
Dell Precision Mobile M4600	All versions
Dell Precision T1600	All versions

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a18

Running on/with	Platform Versions
Dell Latitude E6320	All versions
Dell Latitude E6520	All versions

Configuration E

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a14

Running on/with	Platform Versions
Dell Precision Mobile M4500	All versions
Dell Precision Mobile M6600	All versions

Configuration F

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Dell Bios	Version a13

Running on/with	Platform Versions
Dell Latitude E4310	All versions
Dell Latitude E5420	All versions
Dell Latitude E5520	All versions

Configuration G

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a11

Running on/with	Platform Versions
Dell Precision T3600	All versions
Dell Precision T5600	All versions
Dell Precision T5600 Xl	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a10

Running on/with	Platform Versions
Dell Optiplex 390	All versions

Configuration I

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Bios	Up to a17

Running on/with	Platform Versions
Dell Optiplex 790	All versions
Dell Optiplex 990	All versions

References (4)

http://www.kb.cert.org/vuls/id/577140

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/577140

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.