LVFS: ChengMing 3977

Dell ChengMing 3977

Updating the system firmware improves performance.

Version 1.13.0
2021-09-03 01:13:25

This package contains the Dell system BIOS update.BIOS is a firmware package that is embedded on a small memory chip on the system board.It controls the keyboard, monitor, disk drives, and other devices.

Fixes & Enhancements

Firmware updates to address security vulnerabilities.

Urgency	high
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.12.0
2021-07-30 01:38:58

Fixes & Enhancements

Fixes: - Firmware updates to address the Intel Security Advisory INTEL SA 00459 (CVE 2020 24507 and CVE 2020 8703).

Firmware updates to address the Intel Security Advisory INTEL SA 00464 (CVE 2020 24512).
Firmware updates to address security vulnerabilities.

Urgency	high
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.7.0
2019-07-19 04:15:39

This stable release fixes the following issues:

Firmware updates to address security advisories INTEL-SA-00233
Firmware updates to address security advisory INTEL-SA-00213

Urgency	medium
Fixed issues:	CVE-2019-0093 Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. CVE-2019-0091 Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-0086 Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.6.0
2019-03-29 05:52:17

The update contains changes to improve the reliability and availability of your Dell system

Urgency	medium
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.4.0
2018-07-26 07:12:22

Urgency	unknown
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.2.0
2018-02-02 07:22:47

Urgency	None
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Update is cryptographically signed More info Added to the LVFS by Dell More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details

Dell ChengMing 3977

Version 1.13.0 2021-09-03 01:13:25

Version 1.12.0 2021-07-30 01:38:58

Version 1.7.0 2019-07-19 04:15:39

Version 1.6.0 2019-03-29 05:52:17

Version 1.4.0 2018-07-26 07:12:22

Version 1.2.0 2018-02-02 07:22:47

Version 1.13.0
2021-09-03 01:13:25

Version 1.12.0
2021-07-30 01:38:58

Version 1.7.0
2019-07-19 04:15:39

Version 1.6.0
2019-03-29 05:52:17

Version 1.4.0
2018-07-26 07:12:22

Version 1.2.0
2018-02-02 07:22:47