CVE-2020-5348
MEDIUMDell Latitude 7202 Rugged Tablet BIOS < A28 - Unauthenticated Use-After-Free in EFI_BOOT_SERVICES
Title source: llmDescription
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN320792
Scores
CVSS v3
6.8
EPSS
0.0011
EPSS Percentile
29.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
dell/latitude_7202_firmware
< a28
Published
Apr 04, 2020
Tracked Since
Feb 18, 2026