CVE-2024-0161
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
13/03/2024
Last modified:
04/02/2025
Description
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:poweredge_t360_firmware:*:*:*:*:*:*:*:* | 1.1.1 (excluding) | |
| cpe:2.3:h:dell:poweredge_t360:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r360_firmware:*:*:*:*:*:*:*:* | 1.1.1 (excluding) | |
| cpe:2.3:h:dell:poweredge_r360:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) | |
| cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) | |
| cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) | |
| cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) | |
| cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) | |
| cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:* | 1.13.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability