CVE-2021-36283

moderate-risk

Published 2021-09-28

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

LOCAL / HIGH complexity

Affected Products (20)

Chengming 3990 Firmware

Chengming 3991 Firmware

G3 15 3500 Firmware

G3 15 3590 Firmware

G3 15 5500 Firmware

Inspiron 3493 Firmware

Inspiron 3501 Firmware

Inspiron 3593 Firmware

Inspiron 3793 Firmware

Inspiron 3880 Firmware

Inspiron 3881 Firmware

Inspiron 5400 2-In-1 Firmware

Inspiron 5490 Firmware

Inspiron 5493 Firmware

Inspiron 5498 Firmware

Inspiron 5590 Firmware

Inspiron 5593 Firmware

Inspiron 5598 Firmware

Inspiron 7391 2-In-1 Firmware

Inspiron 7500 Firmware

Affected Vendors

Dell

References (2)

Patch https://www.dell.com/support/kbdoc/000191495/

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 29/34 · Critical