CVE-2015-0949 Information

Description

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.kb.cert.org/vuls/id/631788

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
