What is CVE-2015-0949?

CVE-2015-0949 is a vulnerability in the System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09 and HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 which allows local users to bypass the Secure Boot protection mechanism.

What is the severity of CVE-2015-0949?

The severity of CVE-2015-0949 is high with a severity value of 7.8.

Which software versions are affected by CVE-2015-0949?

Dell Latitude E6430 BIOS Revision A09 and HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 are affected by CVE-2015-0949.

How can local users bypass the Secure Boot protection mechanism?

Local users can bypass the Secure Boot protection mechanism by exploiting the vulnerability in the System Management Mode (SMM) implementation.

Are Dell Latitude E6430 and HP EliteBook 850 G1 vulnerable?

Dell Latitude E6430 and HP EliteBook 850 G1 are vulnerable to CVE-2015-0949 if they are running the affected BIOS revisions.

Vulnerability/
CVE-2015-0949

high

7.8

CWE

269

30/1/2020

6/8/2024

CVE-2015-0949

First published: Thu Jan 30 2020(Updated: )

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Dell Latitude E6430 Firmware	=a09
Dell Latitude E6430
Hp Elitebook 850 G1 Firmware	=01.09
HP EliteBook 850 G1

Never miss a vulnerability like this again

Reference Links

http://www.kb.cert.org/vuls/id/631788

Frequently Asked Questions

What is CVE-2015-0949?
CVE-2015-0949 is a vulnerability in the System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09 and HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 which allows local users to bypass the Secure Boot protection mechanism.
What is the severity of CVE-2015-0949?
The severity of CVE-2015-0949 is high with a severity value of 7.8.
Which software versions are affected by CVE-2015-0949?
Dell Latitude E6430 BIOS Revision A09 and HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 are affected by CVE-2015-0949.
How can local users bypass the Secure Boot protection mechanism?
Local users can bypass the Secure Boot protection mechanism by exploiting the vulnerability in the System Management Mode (SMM) implementation.
Are Dell Latitude E6430 and HP EliteBook 850 G1 vulnerable?
Dell Latitude E6430 and HP EliteBook 850 G1 are vulnerable to CVE-2015-0949 if they are running the affected BIOS revisions.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/dell
canonical/dell latitude e6430 firmware
version/dell latitude e6430 firmware/a09
canonical/dell latitude e6430
vendor/hp
canonical/hp elitebook 850 g1 firmware
version/hp elitebook 850 g1 firmware/01.09
canonical/hp elitebook 850 g1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.