DSA-2021-103: Dell PowerEdge Server Security Update for BIOS Vulnerabilities

Summary: Dell PowerEdge Server BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21555
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21556
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21555
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21556
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions and Newer Link to Update
CVE-2021-21554
 		 R640 Before 2.9.4 2.9.4 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21555
CVE-2021-21556		 R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 T640 Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21557
 		 R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R540 Before 2.11.2 2.11.2 R540 Drivers & Downloads
R440 R440 Drivers & Downloads
T440 T440 Drivers & Downloads
XR2 XR2 Drivers & Downloads
R740XD2 Before 2.11.2 2.11.2 R740XD2 Drivers & Downloads
R840 Before 2.11.2 2.11.2
 		 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 Before 2.11.2 2.11.2 T640 Drivers & Downloads
C6420 Before 2.11.2   C6420 Drivers & Downloads
FC640 Before 2.11.2 2.11.2 FC640 Drivers & Downloads
M640 M640 Drivers & Downloads
M640P M640P Drivers & Downloads
MX740C Before 2.11.2 2.11.2 MX740C Drivers & Downloads
MX840C Before 2.11.2 2.11.2 MX840C Drivers & Downloads
C4140 Before 2.11.2 2.11.2 C4140 Drivers & Downloads
T140 Before 2.5.1 2.5.1 T140 Drivers & Downloads
T340 T340 Drivers & Downloads
R240 R240 Drivers & Downloads
R340 R340 Drivers & Downloads
R6415 Before 1.16.1 1.16.1 R6415 Drivers & Downloads
R7415 R7415 Drivers & Downloads
R7425 Before 1.16.1 1.16.1 R7425 Drivers & Downloads
R6515 Before 2.2.4 2.2.4 R6515 Drivers & Downloads
R7515 R7515 Drivers & Downloads
R6525 Before 2.2.5 2.2.5 R6525 Drivers & Downloads
R7525 R7525 Drivers & Downloads
C6525 Before 2.2.4 2.2.4 C6525 Drivers & Downloads

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions and Newer Link to Update
CVE-2021-21554
 		 R640 Before 2.9.4 2.9.4 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21555
CVE-2021-21556		 R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 T640 Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21557
 		 R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R540 Before 2.11.2 2.11.2 R540 Drivers & Downloads
R440 R440 Drivers & Downloads
T440 T440 Drivers & Downloads
XR2 XR2 Drivers & Downloads
R740XD2 Before 2.11.2 2.11.2 R740XD2 Drivers & Downloads
R840 Before 2.11.2 2.11.2
 		 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 Before 2.11.2 2.11.2 T640 Drivers & Downloads
C6420 Before 2.11.2   C6420 Drivers & Downloads
FC640 Before 2.11.2 2.11.2 FC640 Drivers & Downloads
M640 M640 Drivers & Downloads
M640P M640P Drivers & Downloads
MX740C Before 2.11.2 2.11.2 MX740C Drivers & Downloads
MX840C Before 2.11.2 2.11.2 MX840C Drivers & Downloads
C4140 Before 2.11.2 2.11.2 C4140 Drivers & Downloads
T140 Before 2.5.1 2.5.1 T140 Drivers & Downloads
T340 T340 Drivers & Downloads
R240 R240 Drivers & Downloads
R340 R340 Drivers & Downloads
R6415 Before 1.16.1 1.16.1 R6415 Drivers & Downloads
R7415 R7415 Drivers & Downloads
R7425 Before 1.16.1 1.16.1 R7425 Drivers & Downloads
R6515 Before 2.2.4 2.2.4 R6515 Drivers & Downloads
R7515 R7515 Drivers & Downloads
R6525 Before 2.2.5 2.2.5 R6525 Drivers & Downloads
R7525 R7525 Drivers & Downloads
C6525 Before 2.2.4 2.2.4 C6525 Drivers & Downloads

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revision History

RevisionDateDescription
1.02021-06-08Initial release

Acknowledgements

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerEdge, PowerEdge XR2, Poweredge C4140, PowerEdge C6420, PowerEdge C6525, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX840C, PowerEdge R240, PowerEdge R340, PowerEdge R440, PowerEdge R540 , PowerEdge R640, PowerEdge R6415, PowerEdge R6515, PowerEdge R6525, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R7515, PowerEdge R7525, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T140, PowerEdge T340, PowerEdge T440, PowerEdge T640, Product Security Information ...
Article Properties
Article Number: 000187958
Article Type: Dell Security Advisory
Last Modified: 11 Jun 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.