Artikelnummer: 000213550

DSA-2023-098: Security Update for Dell PowerEdge 14G Server BIOS for an Out of Bounds Write Vulnerability

Zusammenfassung: Dell PowerEdge 14G server BIOS remediation is available for an Out of Bounds write vulnerability that could be exploited by malicious users to compromise the affected system.

Dieser Artikel wurde möglicherweise automatisch übersetzt. Wenn Sie eine Rückmeldung bezüglich dessen Qualität geben möchten, teilen Sie uns diese über das Formular unten auf dieser Seite mit.

Artikelinhalt

Auswirkungen

Medium

Details

Proprietary Code CVE(s)	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25537	Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.	6.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Proprietary Code CVE(s)	Description	CVSS Base Score	CVSS Vector String
CVE-2023-25537	Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.	6.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Problembehebung

Product	Software/Firmware	Affected Version(s)	Remediated Version(s)	Link to Update
PowerEdge R740	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740/drivers
PowerEdge R740XD	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740xd/drivers
PowerEdge R640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r640/drivers
PowerEdge R940	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r940/drivers
PowerEdge R540	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r540/drivers
PowerEdge R440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r440/drivers
PowerEdge T440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-t440/drivers
PowerEdge XR2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/oth-r440-xr/drivers
PowerEdge R740xD2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740xd2/drivers
PowerEdge R840	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r840/drivers
PowerEdge R940xa	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r940xa/drivers
PowerEdge T640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-t640/drivers
PowerEdge C6420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-c6420/drivers
PowerEdge FC640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-fc640/drivers
PowerEdge M640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-m640/drivers
PowerEdge M640 (for PE VRTX)	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-m640p/drivers
PowerEdge MX740c	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-mx740c/drivers
PowerEdge MX840c	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-mx840c/drivers
PowerEdge C4140	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-c4140/drivers
DSS 8440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-dss-8440/drivers
PowerEdge XE2420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe2420/drivers
PowerEdge XE7420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe7420/drivers
PowerEdge XE7440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe7440/drivers
Dell EMC Storage NX3240	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/storage-nx3240/drivers
Dell EMC Storage NX3340	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/storage-nx3340/drivers
Dell EMC XC Core 6420 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc6420-ent-xc/drivers
Dell EMC XC Core XC640 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc640-ent-xc/drivers
Dell EMC XC Core XC740xd System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc740xd-ent-xc/drivers
Dell EMC XC Core XC740xd2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-emc-xc740-xd2/drivers
Dell EMC XC Core XC940 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc940-ent-xc/drivers
Dell EMC XC Core XCXR2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-emc-xc-core-xcxr2/drivers
Microsoft Azure Stack Hub	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	For more information, see the Dell Patch and Update Automation Framework section of the Dell Integrated System for Microsoft Azure Stack Hub Patch and Update - Valid from Dell 2303 release Installation Guide

Product	Software/Firmware	Affected Version(s)	Remediated Version(s)	Link to Update
PowerEdge R740	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740/drivers
PowerEdge R740XD	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740xd/drivers
PowerEdge R640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r640/drivers
PowerEdge R940	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r940/drivers
PowerEdge R540	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r540/drivers
PowerEdge R440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r440/drivers
PowerEdge T440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-t440/drivers
PowerEdge XR2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/oth-r440-xr/drivers
PowerEdge R740xD2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r740xd2/drivers
PowerEdge R840	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r840/drivers
PowerEdge R940xa	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-r940xa/drivers
PowerEdge T640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-t640/drivers
PowerEdge C6420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-c6420/drivers
PowerEdge FC640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-fc640/drivers
PowerEdge M640	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-m640/drivers
PowerEdge M640 (for PE VRTX)	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-m640p/drivers
PowerEdge MX740c	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-mx740c/drivers
PowerEdge MX840c	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-mx840c/drivers
PowerEdge C4140	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-c4140/drivers
DSS 8440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-dss-8440/drivers
PowerEdge XE2420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe2420/drivers
PowerEdge XE7420	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe7420/drivers
PowerEdge XE7440	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/poweredge-xe7440/drivers
Dell EMC Storage NX3240	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/storage-nx3240/drivers
Dell EMC Storage NX3340	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/storage-nx3340/drivers
Dell EMC XC Core 6420 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc6420-ent-xc/drivers
Dell EMC XC Core XC640 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc640-ent-xc/drivers
Dell EMC XC Core XC740xd System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc740xd-ent-xc/drivers
Dell EMC XC Core XC740xd2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-emc-xc740-xd2/drivers
Dell EMC XC Core XC940 System	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-xc940-ent-xc/drivers
Dell EMC XC Core XCXR2	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	https://www.dell.com/support/home/product-support/product/dell-emc-xc-core-xcxr2/drivers
Microsoft Azure Stack Hub	BIOS	Versions prior to 2.18.1	Version 2.18.1 or later	For more information, see the Dell Patch and Update Automation Framework section of the Dell Integrated System for Microsoft Azure Stack Hub Patch and Update - Valid from Dell 2303 release Installation Guide

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Behelfslösungen und Abhilfemaßnahmen

Revisionsverlauf

Revision	Date	Description
1.0	2023-05-15	Initial release
2.0	2023-05-19	Updated CVE description
3.0	2023-07-18	Updated Article Properties
4.0	2023-12-13	Format editing with no content changes
5.0	2023.-12-13	Format editing with no content changes

Zugehörige Informationen

Rechtliche Hinweise

Artikeleigenschaften

Betroffenes Produkt

Integrated System for Microsoft Azure Stack Hub, Integrated System for Microsoft Azure Stack Hub 13G, Integrated System for Microsoft Azure Stack Hub 14G, DSS 8440, Dell EMC XC Core XCXR2, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC640 System , Dell EMC XC Core 6420 System, Dell EMC XC Core XC740xd System, Dell EMC XC Core XC940 System, PowerEdge XR2, Poweredge C4140, PowerEdge C6420, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX840C, PowerEdge R440, PowerEdge R540, PowerEdge R640, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T440, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, Dell EMC Storage NX3240, Dell EMC Storage NX3340 ...

Letztes Veröffentlichungsdatum

13 Dez. 2023

Version

Artikeltyp

Dell Security Advisory

Zurück zum Anfang

Willkommen

Willkommen bei Dell