Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

Cloud security company Eclypsium has revealed that Dell desktops, laptops and tablets have multiple vulnerabilities. Seems like we finally know why LVFS (Linux Vendor Firmware Service) had a huge spike in activity recently, with it supplying over 100,000 firmware updates in a single day as shown by developer Richard Hughes on Twitter.

Even with Secure Boot enabled it seems it doesn't really help and affects at least 129 different models of Dell laptops, tablets, and desktops. Eclypsium estimate around 30 million devices will be affected by this. It doesn't specifically state it's an issue for Linux and does mention Windows explicitly but the point is the same, you'll be vulnerable if you don't ensure you're up to date. The series of issues allows a "privileged network attacker to gain arbitrary code execution within the BIOS of vulnerable machines".

If you do have a Dell device, it would be worth ensuring you've run all updates and checked for the latest firmware. You can do firmware upgrades on Linux with services provided by LVFS. You can run updates using this command in terminal:

sudo fwupdmgr update

Most distributions should have an up to date GNOME Software or KDE Discover that support it too, so you can use those if you prefer.

See more in the announcement from Eclypsium and also from Dell directly.

Article taken from GamingOnLinux.com.
10 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
7 comments

PublicNuisance Jun 24, 2021
If one is truly worried about vulnerabilities then after updating you should look into a Libreboot laptop and either a Libreboot desktop or a Power9 desktop. Running a BIOS that has closed source code is begging for vulnerabilities.
grigi Jun 24, 2021
View PC info
  • Supporter Plus
At least Dell provides updates for most of their notebooks, other manufacturers like MSI rarely even has one update.
emphy Jun 24, 2021
It doesn't specifically state it's an issue for Linux and does mention Windows explicitly but the point is the same, you'll be vulnerable if you don't ensure you're up to date.

Since the vulnerability is in a feature designed for remote boot (recovery) it is fairly reasonable to assume that it doesn't require windows to be functional or even present to be exploited.
Nanobang Jun 25, 2021
View PC info
  • Supporter
Dude! You're getting a vulnerable BIOS Dell!
14 Jun 26, 2021
View PC info
  • Supporter Plus
Thanks for posting. Updating firmware is kind of scary to watch, but at least the steps are very easy.
BigJ Jun 29, 2021
Thanks for posting. Updating firmware is kind of scary to watch, but at least the steps are very easy.

It also worries me too! But I just updated and no issues.
Dragunov Jul 6, 2021
It's best not to update firmware/bios unless you are having a very specific problem. I just learned that recently the hard way. Everything has vulnerabilities and you should be backing up your data anyways. These security vulnerabilities are usually blown way out of proportion.

Also, don't touch Beta Bioses with a 10-foot pole. Avoid them like the plague.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.