Which Dell Alienware models are affected by the CVE-2024-39584 vulnerability?

Affected Alienware models include: Area 51m R2 (BIOS versions prior to 1.29.0), Aurora R15 AMD (versions prior to 1.15.0), m15 R3 (versions prior to 1.29.0), m15 R4 (versions prior to 1.24.0), m17 R3 (versions prior to 1.29.0), m17 R4 (versions prior to 1.24.0), x14 (versions prior to 1.21.0), x15 R1 (versions prior to 1.24.0), x15 R2 (versions prior to 1.22.0), x17 R1 (versions prior to 1.24.0), and x17 R2 (versions prior to 1.22.0).

What should Dell users do to protect their systems from the CVE-2024-39584 vulnerability?

Users should immediately update their BIOS to the latest versions available on the Dell Drivers & Downloads site. Dell has released BIOS updates to mitigate this vulnerability, and no alternative workarounds or mitigations are available.

What is the potential impact of the CVE-2024-39584 vulnerability?

The CVE-2024-39584 vulnerability could allow attackers to bypass the Secure Boot mechanism and execute arbitrary code with high privileges, potentially gaining complete control over the affected devices.

Where can users find the necessary BIOS updates for affected Dell products?

Users can find the necessary BIOS updates for affected Dell products on the Dell Drivers & Downloads site. It is crucial to apply these updates immediately to protect systems from potential exploitation.

Are there any workarounds or mitigations for the CVE-2024-39584 vulnerability?

No, there are no alternative workarounds or mitigations available for this vulnerability. Users are advised to update their BIOS as soon as possible to safeguard their systems.

Advisory

Dell Alienware vulnerable to bypassing Secure Boot protections

Q: What is the CVE-2024-39584 vulnerability in Dell Client Platform BIOS?

CVE-2024-39584 is a high-severity 'Use of Default Cryptographic Key' vulnerability in the Dell Client Platform BIOS, allowing a high-privileged attacker with local access to bypass the Secure Boot mechanism and execute arbitrary code. Exploiting this flaw could enable attackers to gain complete control over affected devices.

published: Aug. 29, 2024

Take action: This is not a panic mode flaw - it requires physical access or already having high privilege access to the machine to bypass Secure Boot. But such access is not impossible - either through malware on the computer or through theft or accessing unattended computers. So best to schedule a BIOS update of your Alienware.

Learn More

A high severity vulnerability in the Dell Client Platform BIOS, tracked as CVE-2024-39584 (CVSS score 8.2), has been discovered, which could allow attackers to hijack compromised systems.

The flaw, categorized as a "Use of Default Cryptographic Key" vulnerability, allows a high-privileged attacker with local access to bypass the Secure Boot mechanism and execute arbitrary code. Attackers exploiting this vulnerability could potentially gain complete control over the affected devices

Dell has identified the following products as vulnerable, with specific BIOS versions requiring updates:

Alienware Models:

Area 51m R2: Versions prior to 1.29.0
Aurora R15 AMD: Versions prior to 1.15.0
m15 R3: Versions prior to 1.29.0
m15 R4: Versions prior to 1.24.0
m17 R3: Versions prior to 1.29.0
m17 R4: Versions prior to 1.24.0
x14: Versions prior to 1.21.0
x15 R1: Versions prior to 1.24.0
x15 R2: Versions prior to 1.22.0
x17 R1: Versions prior to 1.24.0
x17 R2: Versions prior to 1.22.0

Dell has released BIOS updates to mitigate this vulnerability. Users are urged to update their BIOS to the latest versions available on the Dell Drivers & Downloads site.

There are no alternative workarounds or mitigations available. Therefore, it is advised for users to apply these updates immediately to protect their systems from potential exploitation.

Dell Alienware vulnerable to bypassing Secure Boot protections