Join us on the Linux Gaming community on Lemmy, the federated open source alternative to Reddit.

Have a Dell desktop or laptop? You should upgrade your firmware now

By - | Views: 12,277

Cloud security company Eclypsium has revealed that Dell desktops, laptops and tablets have multiple vulnerabilities. Seems like we finally know why LVFS (Linux Vendor Firmware Service) had a huge spike in activity recently, with it supplying over 100,000 firmware updates in a single day as shown by developer Richard Hughes on Twitter.

Even with Secure Boot enabled it seems it doesn't really help and affects at least 129 different models of Dell laptops, tablets, and desktops. Eclypsium estimate around 30 million devices will be affected by this. It doesn't specifically state it's an issue for Linux and does mention Windows explicitly but the point is the same, you'll be vulnerable if you don't ensure you're up to date. The series of issues allows a "privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines".

If you do have a Dell device, it would be worth ensuring you've run all updates and checked for the latest firmware. You can do firmware upgrades on Linux with services provided by LVFS. You can run updates using this command in terminal:

sudo fwupdmgr update

Most distributions should have an up to date GNOME Software or KDE Discover that support it too, so you can use those if you prefer.

See more in the announcement from Eclypsium and also from Dell directly.

Article taken from GamingOnLinux.com.
10 Likes , Who?
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG and Humble Store. See more here.
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
8 comments

If one is truly worried about vulnerabilities then after updating you should look into a Libreboot laptop and either a Libreboot desktop or a Power9 desktop. Running a BIOS that has closed source code is begging for vulnerabilities.
grigi 24 Jun
At least Dell provides updates for most of their notebooks, other manufacturers like MSI rarely even has one update.
emphy 24 Jun
QuoteIt doesn't specifically state it's an issue for Linux and does mention Windows explicitly but the point is the same, you'll be vulnerable if you don't ensure you're up to date.

Since the vulnerability is in a feature designed for remote boot (recovery) it is fairly reasonable to assume that it doesn't require windows to be functional or even present to be exploited.
Pit 25 Jun
As far as I understood, this is an issue in one of Dells pre-installed Windows Service programs that has access to the BIOS area, and can do bad stuff there. But without those (Windows) programs installed, you're not affected. So it is not a direct issue in the BIOS itself.
Nanobang 25 Jun
Dude! You're getting a vulnerable BIOS Dell!
14 26 Jun
View PC info
  • Supporter Plus
Thanks for posting. Updating firmware is kind of scary to watch, but at least the steps are very easy.
BigJ 29 Jun
Quoting: 14Thanks for posting. Updating firmware is kind of scary to watch, but at least the steps are very easy.

It also worries me too! But I just updated and no issues.
Dragunov 6 Jul
It's best not to update firmware/bios unless you are having a very specific problem. I just learned that recently the hard way. Everything has vulnerabilities and you should be backing up your data anyways. These security vulnerabilities are usually blown way out of proportion.

Also, don't touch Beta Bioses with a 10-foot pole. Avoid them like the plague.
While you're here, please consider supporting GamingOnLinux on:

Patreon, Liberapay or PayPal Donation.

This ensures all of our main content remains totally free for everyone with no article paywalls. We also don't have tons of adverts, there's also no tracking and we respect your privacy. Just good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register

Or login with...
Sign in with Steam Sign in with Twitter Sign in with Google
Social logins require cookies to stay logged in.