CVE-2024-0162
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
13/03/2024
Last modified:
04/02/2025
Description
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability