Dell XPS 15 7590/Precision 5540

Updating the system firmware improves performance.

Atom Feed

Version 1.31.0
2024-09-11 09:35:48

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisory.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.30.0
2024-08-14 02:29:17

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisory.

Urgency critical
Reported Success 100% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.28.0
2024-06-12 11:51:58

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisory.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.27.0
2024-03-06 12:17:07

This stable release fixes the following issues:

-This release contains security updates as disclosed in the Dell Security Advisory.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.26.0
2024-03-06 12:10:54

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisories.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.25.0
2023-12-18 06:33:05

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisories.

Urgency critical
Reported Success 97% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.24.0
2023-11-08 12:41:26

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisory.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.23.0
2023-08-09 10:05:14

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisories.

Urgency critical
Reported Success 99% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.22.0
2023-07-11 12:26:36

This stable release fixes the following issues:

  • Improved the stability of the system.

Urgency critical
Reported Success 98% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.21.0
2023-04-11 12:11:47

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisories.

Urgency critical
Reported Success 99% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.20.0
2023-02-14 03:55:11

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities

Urgency critical
Reported Success 99% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.19.0
2022-10-12 12:23:06

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 97% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.18.0
2022-08-10 10:39:14

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2022-0778

    The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

  • CVE-2022-32484
  • CVE-2022-32491
  • CVE-2022-32489
  • CVE-2022-32493
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.17.0
2022-06-14 13:22:08

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.16.0
2022-05-06 10:13:10

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2022-21181

    Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2022-21166

    Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2019-14584

    Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-28210

    An unlimited recursion in DxeCore in EDK II.

  • CVE-2021-28211

    A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

  • CVE-2021-3712

    ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

  • CVE-2022-21123

    Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21125

    Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21127

    Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

  • CVE-2022-21151

    Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-0004.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.15.0
2022-02-11 01:49:14

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.
  • Firmware updates to address the Intel Security Advisory.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2021-33107

    Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2021-0183

    Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-0176

    Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2021-0175

    Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-0174

    Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-0173

    Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-0170

    Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2021-0168

    Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0166

    Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0165

    Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-0164

    Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-0161

    Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0127

    Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access.

  • CVE-2021-0156

    Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0125

    Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

  • CVE-2021-0124

    Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

  • CVE-2021-0119

    Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

  • CVE-2021-0118

    Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0117

    Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0116

    Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0115

    Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0114

    Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0111

    NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0107

    Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0091

    Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.

  • INTEL-SA-00575
  • INTEL-SA-00539
  • INTEL-SA-00532
  • INTEL-SA-00527
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.14.1
2021-11-10 12:53:55

This stable release fixes the following issues:

  • Firmware updates to address the Intel Security Advisory.
  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 99% (high confidence)
Fixed issues:
  • CVE-2021-0157

    Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • INTEL-SA-00562
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.13.0
2021-09-03 05:47:05

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.
  • Fixed the issue where the customized logo and product name are removed when you upgrade the BIOS and change the BIOS to its default settings.

Urgency critical
Reported Success 99% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.12.0
2021-07-30 02:07:22

This stable release fixes the following issues:

  • Firmware updates to address the Intel Security Advisory.
  • Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 100% (high confidence)
Fixed issues:
  • CVE-2020-24512

    Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-8703

    Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-24507

    Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

  • INTEL-SA-00464
  • INTEL-SA-00459
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.11.0
2021-06-29 05:53:39

This stable release fixes the following issues:

  • Improved the performance and stability of the system battery.

Some new functionality has also been added:

Urgency high
Reported Success 100% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.10.0
2021-05-27 01:25:18

This stable release fixes the following issues:

  • Fixed the issue where a user acceptance is prompted to proceed with the BIOSConnect recovery when network stack is disabled in the BIOS.
  • Fixed the issue where the Administrator and System Password cannot be set through Windows Management Instrumentation (WMI) command.This issue occurs when you enter more than 16 characters.
  • Fixed the issue where the BIOS Auto-Recovery and BIOS recovery through USB do not work.
  • Fixed the issue where the system stops responding for a few seconds when a USB 3.1 hub or Type-C hub is connected.

Some new functionality has also been added:

  • Added an option to add ownership date when it is not entered in the BIOS setup.

Urgency critical
Reported Success 98% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.9.1
2021-01-21 05:53:32

This stable release fixes the following issues:

  • Fixed the issue where German language keyboard does not work in the Dell Data Protection Encryption environment.
  • Fixed the issue where the system does not get charged using the AC adapter.
  • Fixed the issue where an error message stating Key Mapping for Console Redirection BIOS is displayed before the Dell logo screen.
  • Fixed the issue where the system always boots to Rufus formatted USB drives instead of the internal hard drive.
  • Fixed the issue where the system displays a black screen when restarting the system after installing the Intel Rapid Storage Technology driver.
  • Firmware updates to address the Intel Technical Advisory.
  • Firmware updates to address the Intel Security Advisory.

Some new functionality has also been added:

  • Updated the Thermal Algorithm to enhance the performance of the system.
  • Updated the Embedded Controller Engine firmware.

Urgency critical
Reported Success 99% (high confidence)
Fixed issues:
  • CVE-2020-8695

    Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2020-8694

    Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-8698

    Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-8696

    Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0593

    Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0592

    Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

  • CVE-2020-0591

    Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0587

    Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-12356

    Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2020-12303

    Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-8752

    Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

  • CVE-2020-8749

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8746

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2020-8755

    Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2020-8747

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2020-8754

    Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8760

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8756

    Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8757

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8705

    Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

  • VU#231329

    Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

  • INTEL-TA-00391
  • INTEL-SA-00389
  • INTEL-SA-00381
  • INTEL-SA-00358
  • CVE-2020-26189
  • CVE-2020-12355

    Intel's CVE.

  • CVE-2020-8745

    Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2020-8744

    Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8753

    Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.8.1
2020-09-09 12:07:06

This stable release fixes the following issues:

  • Firmware updates to address the Intel Security Advisories
  • Firmware updates to address the Intel Technical Advisory

Some new functionality has also been added:

  • Enhanced to pair more Type-C devices.
  • Updated the Thermal Algorithm.
  • Updated the Power Delivery firmware.
  • Updated the Embedded Controller Engine firmware.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
  • VU#257161

    Treck Inc.designs and distributes software for real-time operating systems (RTOS) customers worldwide. Treck's sofware provide essential TCP/IP networking capability to these devices. Security researchers from JSOF have discovered a number of vulnerabilities that can have an impact on devices that have adopted Treck's embedded software to cause unexpected behavior and possibly further exploit these devices for nefarious purposes.

  • CVE-2020-8758

    Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

  • CVE-2020-8674

    Out-of-bounds Read (CWE-125) in DHCP component. A local network attacker can send a malicious Layer-2 DHCP packet that could lead to an unintended exposure of sensitive information on the target device. This is Intel's version of CVE-2020-11905

  • CVE-2020-0596

    Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0595

    Double Free (CWE-415) in IPv4 tunneling component when handling a packet. An unauthorized network attacker can use malicious packets that could lead to unexpected behavior of memory access that can be used to write or read values in arbitrary memory spaces. This is Intel's version of CVE-2020-11900

  • CVE-2020-0594

    Improper Input Validation (CWE-20) in IPv6 component when handling a packet sent by an unauthorized network attacker. An unauthorized network attacker can send a malicious request that can lead to out of bounds read on the target device. Intel obtained this CVE for CVE-2020-11899 , specific to their environment.

  • CVE-2020-0542

    Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

  • CVE-2020-0541

    Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0540

    Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0539

    Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

  • CVE-2020-0538

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2020-0537

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.

  • CVE-2020-0536

    Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0535

    Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0534

    Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2020-0532

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

  • CVE-2020-0543

    Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0531

    Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0529

    Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-0528

    Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

  • CVE-2020-0549

    Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0548

    Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-5362

    Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

  • INTEL-TA-00404
  • INTEL-SA-00295
  • INTEL-SA-00322
  • INTEL-SA-00329
  • INTEL-SA-00320
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.7.0
2020-05-25 02:18:25

This stable release fixes the following issues:

  • Firmware updates to address.

Some new functionality has also been added:

  • Updated the Embedded Controller Engine firmware.

Urgency critical
Reported Success 100% (high confidence)
Fixed issues:
  • CVE-2020-5363

    Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.6.0
2020-04-08 01:12:56

This stable release fixes the following issues:

  • Firmware updates to address security advisory
  • Firmware updates to address the Intel Security Advisories and.
  • Fixed the issue where the keyboard and touchpad lags when the system is connected to a Dell U2419HC monitor using the USB Type-C port.
  • Fixed the issue where the system updates the BIOS continuously when the embedded controller firmware is upgraded or downgraded.

Some new functionality has also been added:

  • Updated the BIOS warning message that is displayed when an AC adapter with low wattage is connected to the system.
  • Updated the Enhanced Pre-Boot System Assessment (ePSA) firmware.
  • Updated the Power Delivery firmware.

Urgency critical
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2019-14607

    Improper conditions check in multiple IntelĀ® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

  • CVE-2019-11157

    Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.

  • CVE-2019-14598

    Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

  • INTEL-SA-00317
  • INTEL-SA-00289
  • INTEL-SA-00307
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.5.0
2020-01-14 08:46:08

This stable release fixes the following issues:

  • Fixed the issue where the system cannot be charged using the USB Type-C port.
  • Fixed the issue where the Power Delivery firmware of the dock cable fails when the Dell Dock WD15 or Dell Thunderbolt Dock TB16 is updated.

Urgency critical
Reported Success 100% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.4.0
2019-12-10 08:56:42

This stable release fixes the following issues:

  • Firmware updates to address security advisories.
  • Fixed a BIOS Setup configuration issue that occurs after clearing the CMOS.
  • Fixed an issue with preboot TPM detection and error logging.
  • Removed the IpSec driver and application.
  • Fixed the issue where the BitLocker prompts for recovery.It occurs when Auto Power On option in BIOS setup is set to wake up the system at a specific time.
  • Fixed the issue where the system cannot be charged while connecting to a USB Type-C adapter.

Some new functionality has also been added:

  • Updated the Dell Firmware Update Utility.
  • Added a new feature to automatically suspend BitLocker before upgrading the firmware.After the firmware upgrade is complete, BitLocker is automatically enabled.
  • Added an enhancement to extend the BIOS password configuration measurements into the TPM.
  • Modified battery algorithm to prolong lifespan and minimize risk of swelling.

Urgency critical
Reported Success 100% (medium confidence)
Fixed issues:
  • CVE-2019-0184

    Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0151

    Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11135

    TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • CVE-2019-0123

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0117

    Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0185

    Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0154

    Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2019-0124

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11131

    Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11132

    Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.

  • CVE-2019-11086

    Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2019-11107

    Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11100

    Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2019-0166

    Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-0131

    Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

  • CVE-2019-11088

    Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2019-11147

    Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11108

    Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11106

    Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11101

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-11087

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

  • CVE-2019-0168

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-11090

    Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11103

    Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-0165

    Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.

  • INTEL-SA-00164
  • INTEL-SA-00240
  • INTEL-SA-00270
  • INTEL-SA-00220
  • INTEL-SA-00219
  • INTEL-SA-00254
  • INTEL-SA-00260
  • INTEL-SA-00220
  • INTEL-SA-00241
  • CVE-2019-11104

    Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11105

    Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.

  • CVE-2019-0169

    Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.3.3
2019-11-12 01:30:47

This stable release fixes the following issues:

  • Firmware updates to address security advisories
  • Corrected the functionality of Thunderbolt devices when enabled or disabled in BIOS.
  • Removed the Preboot Intel RST Manager Optimized Defaults option.
  • Removed the option to enable or disable the Fingerprint Reader Device from BIOS as the feature is inapplicable for this system.

Some new functionality has also been added:

  • This update integrates the BIOSConnect feature into Dell SupportAssist OS Recovery.This feature connects the system to the Dell image server to download and recover the operating system.
  • Updated the Realtek USB LAN UEFI driver version from 2.013 to 2.026 to improve the stability of connection.

Urgency critical
Reported Success 96% (medium confidence)
Fixed issues:
  • CVE-2019-11091

    Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12130

    Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • INTEL-SA-00233
  • CVE-2018-12127

    Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12126

    Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.2.3
2019-08-20 01:06:13

Some new functionality has also been added:

  • Enhances the performance of the system.

Urgency critical
Reported Success 95% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter