Description
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN319808
Scores
CVSS v3
6.8
EPSS
0.0023
EPSS Percentile
45.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-16
Status
published
Products (1)
dell/xps_7390_firmware
< 1.1.3
Published
Dec 16, 2019
Tracked Since
Feb 18, 2026