A critical vulnerability identified in Dell Client Platform BIOS, classified as CVE-2024-39584, has been disclosed, posing a significant security risk to affected systems. This flaw, referred to as a “Use of Default Cryptographic Key” vulnerability, carries a CVSS base score of 8.2, indicating its potential for high impact. The vulnerability enables high-privileged attackers with local access to bypass Secure Boot protections and execute arbitrary code on compromised systems. Such exploitation could lead to a complete compromise of the system’s confidentiality, integrity, and availability, presenting a serious threat to users and organizations relying on affected Dell systems.
The vulnerability affects several Dell products, including Alienware models such as the Area 51m R2, Aurora R15 AMD, and several x-series versions, among others. BIOS versions earlier than the fixed releases are vulnerable. In response, Dell released critical BIOS updates on August 27 and 28, 2024. These updates are the only fix for the vulnerability and protect systems from potential exploitation. Users are strongly advised to visit the Dell Drivers & Downloads site to download and install these updates as soon as possible.
Currently, there are no alternative workarounds or mitigations available to address this vulnerability aside from updating the BIOS. Dell has acknowledged the efforts of the BINARLY Research team for their role in discovering and reporting the flaw. The company stresses the importance of prompt application of the updates to mitigate the risk posed by this significant security issue.
For additional details and to ensure their systems are protected, users should consult Dell’s security advisory page and promptly apply the necessary BIOS updates. Addressing this vulnerability swiftly is crucial to maintaining system security and preventing potential breaches related to this serious BIOS flaw.