Notified: September 15, 2014 Updated: December 10, 2014
Affected
AMI has addressed the issue on a generic basis and is working with OEMs to implement fixes for projects in the field and production. End users should contact their board manufacturer for information on when a specific updated BIOS will be available.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 23, 2015 Updated: July 30, 2015
Statement Date: July 30, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2014 Updated: August 03, 2015
Statement Date: August 03, 2015
Affected
Some client systems are affected. Server systems are not affected. Patches for affected client systems tentatively planned for release on support.dell.com by March 2015. List of affected systems forthcoming
Some Client Solutions (CS) commercial platforms are affected by the vulnerability described in VU#976132. Updated BIOS code has been developed to mitigate the vulnerability by locking down the resume path boot script. A list of BIOS update patches is included below for planning purposes and BIOS revisions are included (subject to change): Dell System BIOS Update Release Planned Latitude 13 (3340) A06 Available Latitude 6430U A10 August 2015 Latitude E5440/E5540 A11 Available Latitude E5530/E5430 A16 August 2015 Latitude E6230/E6330/E6430S A15 August 2015 Latitude E6530 A17 August 2015 Latitude E6430 A17 August 2015 Latitude E6440 A10 Available Latitude E6540 A13 Available Latitude E7240/E7440 A14 Available OptiPlex 3010 A14 August 2015 OptiPlex 3011 AIO A07 Available OptiPlex 3020 A06 Available OptiPlex 7010/9010 A20 Available OptiPlex 7020 A03 Available OptiPlex 9020 A10 Available OptiPlex 9010 AIO A17 Available OptiPlex 9020 AIO A10 Available Precision Mobile Workstation M4700 A14 August 2015 Precision Mobile Workstation M6700 A15 August 2015 Precision Workstation R7610 A09 Available Precision Workstation T1650 A19 Available Precision Workstation T1700 A15 Available Precision Workstation T3610/T5610/T7610 A10 Available Precision Workstation M6800/M4800 A13 Available PowerEdge Server T20 A06 Available Venue 11 Pro (5130-32Bit) A10 Available Venue 11 Pro (5130-64Bit) A03 Available Venue 11 Pro (7130/7139) A14 Available Dell recommends customers update to the latest BIOS by downloading the patched releases from http://support.dell.com.
Updated: February 03, 2015
Affected
"Insyde has reviewed the Insyde BIOS code and did find some vulnerabilities to some of the items in this report. Insyde used the Native EDK II Lock Box Mechanism for saving the Boot Script in our Insyde H2O 5 codebase thus providing adequate protection. By late 2014 Insyde created a protection mechanism for our Insyde H2O 3.7 codebase to protect the Boot Script. By late 2014 Insyde had protected the AcpiGlobalVariable for both codebases. The Variable updates were available in Tags 03.74.42 and 05.04.42 which was the 2014 work week 42 release. The internal tracking number was IB02960681. The Insyde H2O 3.7 Boot Script protection mechanism was made available in various chipset Tags. OEM and ODM customers are advised to contact their Insyde support representative for documentation and assistance. End users are advised to contact the manufacturer of their equipment."
We are not aware of further vendor information regarding this vulnerability.
Notified: September 15, 2014 Updated: July 20, 2015
Statement Date: June 29, 2015
Affected
Some Intel-branded products were affected by this issue. An update to the system firmware has recently been released in order to mitigate this and other issues. A list of affected products and updates can be found in our security advisories, INTEL-SA-00041 and INTEL-SA-00043, which can be found on our website https://security-center.intel.com.
We are not aware of further vendor information regarding this vulnerability.
Updated: January 21, 2015
Affected
http://support.lenovo.com/us/en/product_security/s3_boot_protect
We are not aware of further vendor information regarding this vulnerability.
Notified: October 06, 2014 Updated: December 19, 2014
Affected
We investigated this item and found some of our shipping products to be vulnerable. The vulnerability has been fixed, and we are working with OEMs to provide the updated source code. End users should contact the manufacturer directly for more information and instructions regarding the fix.
We are not aware of further vendor information regarding this vulnerability.