DSA-2026-245: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
Summary: Dell VxRail remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
| Linux Kernel | CVE-2023-2058, CVE-2023-20585, CVE-2023-53817, CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747, CVE-2024-38542, CVE-2025-6075, CVE-2025-10158, CVE-2025-11468, CVE-2025-12084, CVE-2025-13462, CVE-2025-13836, CVE-2025-13837, CVE-2025-15282, CVE-2025-37861, CVE-2025-39817, CVE-2025-39964, CVE-2025-39998, CVE-2025-40099, CVE-2025-40103, CVE-2025-40253, CVE-2025-45582, CVE-2025-54518, CVE-2025-66614, CVE-2025-71066, CVE-2025-71113, CVE-2025-71231, CVE-2026-0672, CVE-2026-0865, CVE-2026-1299, CVE-2026-1502, CVE-2026-1519, CVE-2026-1801, CVE-2026-1965, CVE-2026-2291, CVE-2026-2297, CVE-2026-3446, CVE-2026-3479, CVE-2026-3644, CVE-2026-3833, CVE-2026-4046, CVE-2026-4105, CVE-2026-4224, CVE-2026-4271, CVE-2026-4437, CVE-2026-4438, CVE-2026-4519, CVE-2026-4786, CVE-2026-4873, CVE-2026-4878, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172, CVE-2026-5260, CVE-2026-5419, CVE-2026-5450, CVE-2026-5545, CVE-2026-5928, CVE-2026-6019, CVE-2026-6100, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6507, CVE-2026-6575, CVE-2026-6637, CVE-2026-6638, CVE-2026-21620, CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23004, CVE-2026-23054, CVE-2026-23060, CVE-2026-23074, CVE-2026-23089, CVE-2026-23103, CVE-2026-23111, CVE-2026-23141, CVE-2026-23157, CVE-2026-23191, CVE-2026-23202, CVE-2026-23204, CVE-2026-23207, CVE-2026-23209, CVE-2026-23214, CVE-2026-23231, CVE-2026-23239, CVE-2026-23240, CVE-2026-23243, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23272, CVE-2026-23273, CVE-2026-23274, CVE-2026-23278, CVE-2026-23293, CVE-2026-23317, CVE-2026-23351, CVE-2026-23381, CVE-2026-23393, CVE-2026-23398, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-23412, CVE-2026-23413, CVE-2026-23449, CVE-2026-23450, CVE-2026-23458, CVE-2026-23461, CVE-2026-23462, CVE-2026-23865, CVE-2026-23918, CVE-2026-23941, CVE-2026-23942, CVE-2026-23943, CVE-2026-24880, CVE-2026-25854, CVE-2026-27135, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-28808, CVE-2026-29111, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-29518, CVE-2026-31402, CVE-2026-31403, CVE-2026-31405, CVE-2026-31408, CVE-2026-31413, CVE-2026-31431, CVE-2026-31436, CVE-2026-31470, CVE-2026-31473, CVE-2026-31504, CVE-2026-31505, CVE-2026-31507, CVE-2026-31512, CVE-2026-31528, CVE-2026-31533, CVE-2026-31568, CVE-2026-31570, CVE-2026-31586, CVE-2026-31588, CVE-2026-31602, CVE-2026-31607, CVE-2026-31613, CVE-2026-31614, CVE-2026-31622, CVE-2026-31629, CVE-2026-31649, CVE-2026-31656, CVE-2026-31662, CVE-2026-31669, CVE-2026-31685, CVE-2026-31694, CVE-2026-31700, CVE-2026-31738, CVE-2026-31758, CVE-2026-31786, CVE-2026-31787, CVE-2026-31788, CVE-2026-31789, CVE-2026-31790, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-32990, CVE-2026-33412, CVE-2026-33416, CVE-2026-33636, CVE-2026-33845, CVE-2026-33846, CVE-2026-34268, CVE-2026-34282, CVE-2026-34477, CVE-2026-34483, CVE-2026-34486, CVE-2026-34487, CVE-2026-34500, CVE-2026-34714, CVE-2026-34743, CVE-2026-34982, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334, CVE-2026-35385, CVE-2026-35414, CVE-2026-35535, CVE-2026-41035, CVE-2026-41054, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-42198, CVE-2026-42307, CVE-2026-42945, CVE-2026-43025, CVE-2026-43027, CVE-2026-43037, CVE-2026-43038, CVE-2026-43044, CVE-2026-43050, CVE-2026-43110, CVE-2026-43120, CVE-2026-43126, CVE-2026-43190, CVE-2026-43206, CVE-2026-43214, CVE-2026-43284, CVE-2026-43329, CVE-2026-43330, CVE-2026-43334, CVE-2026-43362, CVE-2026-43365, CVE-2026-43366, CVE-2026-43437, CVE-2026-43494, CVE-2026-43499, CVE-2026-43500, CVE-2026-43501, CVE-2026-43503, CVE-2026-46331, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-43961, CVE-2026-44656, CVE-2026-45130, CVE-2026-45232, CVE-2026-45852, CVE-2026-45910, CVE-2026-45970, CVE-2026-46004, CVE-2026-46021, CVE-2026-46043, CVE-2026-46113, CVE-2026-46114, CVE-2026-46243, CVE-2026-46300, CVE-2026-46333, CVE-2026-46483 | https://nvd.nist.gov/vuln/search |
| Intel Processor Firmware | CVE-2025-31648 | DSA-2026-012 |
| Platform Initialization (PI) Firmware | CVE-2025-54510, CVE-2025-54502, CVE-2025-54509, CVE-2025-61972, CVE-2025-61971, CVE-2024-36315 | DSA-2026-041 , DSA-2026-042 , DSA-2026-043 , DSA-2026-076 |
| Tianocore EDK2 | CVE-2024-38798 | DSA-2026-040 |
| OpenSSL | CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 | DSA-2026-154 , DSA-2026-136 |
| Python | CVE-2026-26950, CVE-2025-13836 | https://nvd.nist.gov/vuln/search |
| UEFI Reference Firmware Advisory | CVE-2025-35991 | DSA-2026-027 |
| vCenter 8.0 Update 3i vulnerabilities | CVE-2026-2004, CVE-2026-2005, CVE-2026-2003, CVE-2026-2006, CVE-2019-16884, CVE-2025-52881, CVE-2025-52565, CVE-2025-31133, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2025-58767, CVE-2025-13151, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2025-0395, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2025-15281, CVE-2025-70873, CVE-2026-25749, CVE-2026-28422, CVE-2026-28417, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28418, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14796, CVE-2020-14797, CVE-2021-2163, CVE-2021-2161, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567, CVE-2021-35586, CVE-2021-35603, CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-21271, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21496, CVE-2022-21476, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22081, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-2024-21147, CVE-2024-21144, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235, CVE-2025-21502, CVE-2025-21587, CVE-2025-30691, CVE-2025-30698, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-25068, CVE-2025-61662, CVE-2025-61663, CVE-2025-61664, CVE-2025-14087, CVE-2025-14512, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-2781CVE-2026-2004, CVE-2026-2005, CVE-2026-2003, CVE-2026-2006, CVE-2019-16884, CVE-2025-52881, CVE-2025-52565, CVE-2025-31133, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2025-58767, CVE-2025-13151, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2025-0395, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915, CVE-2025-15281, CVE-2025-70873, CVE-2026-25749, CVE-2026-28422, CVE-2026-28417, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28418, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14796, CVE-2020-14797, CVE-2021-2163, CVE-2021-2161, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567, CVE-2021-35586, CVE-2021-35603, CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-21271, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21496, CVE-2022-21476, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22081, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-2024-21147, CVE-2024-21144, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235, CVE-2025-21502, CVE-2025-21587, CVE-2025-30691, CVE-2025-30698, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-25068, CVE-2025-61662, CVE-2025-61663, CVE-2025-61664, CVE-2025-14087, CVE-2025-14512, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-2781 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-appliance-photonos-security-patches.html |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
| Dell VxRail Appliance | Versions prior to 8.0.390 |
Version 8.0.390 or later |
https://www.dell.com/support/home/product-support/product/vxrail-appliance-series/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Dell VxRail Appliance | Versions prior to 8.0.390 |
Version 8.0.390 or later |
https://www.dell.com/support/home/product-support/product/vxrail-appliance-series/drivers |
Workarounds & Mitigations
| CVE ID | Workaround and Mitigation |
| CVE-2026-31431 |
For customers who need to mitigate the vulnerability before upgrading, Dell recommends blacklisting the algif_aead kernel module. Steps to Apply the Workaround:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
modprobe algif_aead This command should fail (module load denied). lsmod | grep algif_aead This should return empty (module not loaded). Notes on the workaround:
Removing the Workaround After Upgrade After upgrading to VxRail 8.0.390 or later, Dell strongly recommends removing the blacklist configuration to ensure compatibility with potential future enhancements: rm -f /etc/modprobe.d/disable-algif-aead.conf |
| CVE-2026-6923 |
The TPM component used in Dell VxRail does not have a mechanism for updates through standard platform or lifecycle management releases. Customers must contact Dell Support to obtain and apply TPM firmware updates on cluster nodes or refer DSA-2026-224 and use the Drivers & Downloads page for their respective PowerEdge platform to identify the applicable TPM firmware package, search for “TPM”, and select the appropriate Trusted Platform Module firmware package. The package provides detailed installation instructions, including steps for applying the update using iDRAC or Lifecycle Controller. |
Revision History
| Revision | Date | Description |
| 1.0 | 2026-06-05 | Initial Release |
| 2.0 | 2026-07-01 | Updated Affected Products and Remediation table. Target availability changed to July |
| 3.0 | 2026-07-09 | Updated the Third Party Components and Affected Products and Remediation tables |