CVE-2020-26186

MEDIUM

Dell Inspiron 5675 <1.4.1 - Code Injection

Title source: llm

Description

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability

Scores

CVSS v3 6.8

EPSS 0.0036

EPSS Percentile 28.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-642 CWE-668

Status published

Products (1)

dell/inspiron_5675_firmware < 1.4.1

Published Jan 08, 2021

Tracked Since Feb 18, 2026