CVE-2015-0949
HIGH
Dell Latitude E6430 BIOS A09 and HP EliteBook 850 G1 BIOS L71 Ver. 01.09 - Privilege Escalation via SMM SMRAM Bypass
Title source: llm
Description
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/631788
Scores
CVSS v3: 7.8
EPSS: 0.0008
EPSS Percentile: 22.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-269
Status: published
Products (2)
dell/latitude_e6430_firmware: a09
hp/elitebook_850_g1_firmware: 01.09
Published: Jan 30, 2020
Tracked Since: Feb 18, 2026