DSA-2024-309: Security Update for Dell PowerEdge Server for Improper Input Validation Vulnerability

Summary: Dell PowerEdge Server remediation is available for Improper Input Validation vulnerability that could be exploited by malicious users to compromise the affected systems.

Αυτό το άρθρο ισχύει για Αυτό το άρθρο δεν ισχύει για Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν. Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Δείτε άλλους πόρους

Impact

Medium

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-38303 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-38303 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Επηρεαζόμενα προϊόντα και αποκατάσταση

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerEdge R740

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740/drivers

PowerEdge R740XD

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740xd/drivers

PowerEdge R640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r640/drivers

PowerEdge R940

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r940/drivers

PowerEdge R540

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r540/drivers

PowerEdge R440

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r440/drivers

PowerEdge T440

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-t440/drivers

PowerEdge XR2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/oth-r440-xr/drivers

PowerEdge R740XD2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740xd2/drivers

PowerEdge R840

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/homeproduct-support/product/poweredge-r840/drivers

PowerEdge R940XA

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r940xa/drivers

PowerEdge T640

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-t640/drivers

PowerEdge C6420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-c6420/drivers

PowerEdge FC640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-fc640/drivers

PowerEdge M640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-m640/drivers

PowerEdge M640 (for PE VRTX)

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-m640p/drivers

PowerEdge MX740C

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-mx740c/drivers

PowerEdge MX840C

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-mx840c/drivers

PowerEdge C4140

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-c4140/drivers

DSS 8440

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-dss-8440/drivers

PowerEdge XE2420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe2420/drivers

PowerEdge XE7420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe7420/drivers

PowerEdge XE7440

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe7440/drivers

Dell EMC Storage NX3240

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/storage-nx3240/drivers

Dell EMC Storage NX3340

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/storage-nx3340/drivers

Dell EMC XC Core 6420 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc6420-ent-xc/drivers

Dell EMC XC Core XC640 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc640-ent-xc/drivers

Dell EMC XC Core XC740xd System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc740xd-ent-xc/drivers

Dell EMC XC Core XC740xd2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/dell-emc-xc740-xd2/drivers

Dell EMC XC Core XC940 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc940-ent-xc/drivers

Dell EMC XC Core XCXR2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/dell-emc-xc-core-xcxr2/drivers

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

PowerEdge R740

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740/drivers

PowerEdge R740XD

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740xd/drivers

PowerEdge R640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r640/drivers

PowerEdge R940

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-r940/drivers

PowerEdge R540

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r540/drivers

PowerEdge R440

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r440/drivers

PowerEdge T440

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-t440/drivers

PowerEdge XR2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/oth-r440-xr/drivers

PowerEdge R740XD2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r740xd2/drivers

PowerEdge R840

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/homeproduct-support/product/poweredge-r840/drivers

PowerEdge R940XA

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-r940xa/drivers

PowerEdge T640

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-t640/drivers

PowerEdge C6420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-c6420/drivers

PowerEdge FC640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-fc640/drivers

PowerEdge M640

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-m640/drivers

PowerEdge M640 (for PE VRTX)

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-m640p/drivers

PowerEdge MX740C

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-mx740c/drivers

PowerEdge MX840C

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/poweredge-mx840c/drivers

PowerEdge C4140

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-c4140/drivers

DSS 8440

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-dss-8440/drivers

PowerEdge XE2420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe2420/drivers

PowerEdge XE7420

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe7420/drivers

PowerEdge XE7440

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/poweredge-xe7440/drivers

Dell EMC Storage NX3240

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/storage-nx3240/drivers

Dell EMC Storage NX3340

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/storage-nx3340/drivers

Dell EMC XC Core 6420 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc6420-ent-xc/drivers

Dell EMC XC Core XC640 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc640-ent-xc/drivers

Dell EMC XC Core XC740xd System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc740xd-ent-xc/drivers

Dell EMC XC Core XC740xd2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/dell-emc-xc740-xd2/drivers

Dell EMC XC Core XC940 System

BIOS

Versions prior to 2.22.2

Version 2.22.2 or later

https://www.dell.com/support/home/product-support/product/dell-xc940-ent-xc/drivers

Dell EMC XC Core XCXR2

BIOS

Versions prior to 2.22.1

Version 2.22.1 or later

https://www.dell.com/support/home/product-support/product/dell-emc-xc-core-xcxr2/drivers
  • The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
  • Due to updates to address a functional issue, the previous BIOS versions for 14G PowerEdge platforms were replaced by the updated versions. Dell recommends all customers update to the available BIOS versions.     

Revision History

RevisionDateDescription
1.02024-08-28Initial Release
2.02024-09-10
  • Updated the 'Remediated Versions' and 'Link' columns under "AFFECTED PRODUCTS AND REMEDIATION" section.
  • Updated the wordings " Due to a sighting, Dell has demoted an earlier version of the BIOS for 14G PowerEdge servers and is working to release an updated version." under Additional Information section.
3.02024-10-11
  • Updated the "AFFECTED PRODUCTS AND REMEDIATION" section for 14G PowerEdge platforms.
  • Updated the Additional Information section.
4.02024-11-01Formatting change with no content update.
5.02024-11-12Formatting change with no content update.

Acknowledgements

Dell would like to thank codebreaker1337 for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

DSS 8440, Dell EMC XC Core XCXR2, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC640 System, Dell EMC XC Core 6420 System, Dell EMC XC Core XC740xd System, Dell EMC XC Core XC940 System, PowerEdge XR2, Poweredge C4140, PowerEdge C6420, PowerEdge FC640 , PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX840C, PowerEdge R440, PowerEdge R540, PowerEdge R640, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T440, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, Dell EMC Storage NX3240, Dell EMC Storage NX3340 ...
Ιδιότητες άρθρου
Article Number: 000228135
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 18 Νοε 2024
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.