DSA-2024-445: Security Update for Dell VxFlex Ready Node and PowerFlex Custom Node Multiple Third-Party Component Vulnerabilities

Table of Contents

Detailed Article

Impact

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell VxFlex Ready Node and PowerFlex Custom Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

High

Details

Third-party Component	CVEs	More Information
Dell PowerEdge Server BIOS	CVE-2023-31315 CVE-2024-24980 CVE-2023-31355, CVE-2024-21978, CVE-2024-21980 CVE-2024-0171 CVE-2024-22374, CVE-2024-21801, CVE-2024-22376, CVE-2024-21810, CVE-2024-23497, CVE-2024-23981, CVE-2024-24986, CVE-2024-21807, CVE-2024-21769, CVE-2024-24983, CVE-2024-23499, CVE-2024-21806 CVE-2023-45745, CVE-2023-47855, CVE-2023-49141 CVE-2024-24980 CVE-2024-24980 CVE-2023-49141	DSA-2024-344 DSA-2024-308 DSA-2024-306 DSA-2024-039 DSA-2024-359 DSA-2024-160
iDRAC	CVE-2024-6387 CVE-2024-38433	DSA-2024-342 DSA-2024-223

Third-party Component

CVEs

More Information

Dell PowerEdge Server BIOS

CVE-2023-31315

CVE-2024-24980

CVE-2023-31355, CVE-2024-21978, CVE-2024-21980

CVE-2024-0171

CVE-2024-22374, CVE-2024-21801, CVE-2024-22376, CVE-2024-21810, CVE-2024-23497, CVE-2024-23981, CVE-2024-24986, CVE-2024-21807, CVE-2024-21769, CVE-2024-24983, CVE-2024-23499, CVE-2024-21806

CVE-2023-45745, CVE-2023-47855, CVE-2023-49141

CVE-2024-24980

CVE-2023-49141

iDRAC

CVE-2024-6387

CVE-2024-38433

DSA-2024-342

DSA-2024-223

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
VxFlex Ready Node	Dell PowerEdge BIOS –14G R640, R740, R840	Versions prior to 2.21.2	Version 2.21.2	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –15G R650 and R750	Versions prior to 1.14.1	Version 1.14.1	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –15G AMD R6525	Versions prior to 2.15.2	Version 2.15.2	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –16G R660 and R760	Versions prior to 2.2.7	Version 2.2.7	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –16G AMD R6625 and R7625	Versions prior to 1.8.3	Version 1.8.3	Downloads (in case of upgrade using OME)

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
VxFlex Ready Node	Dell PowerEdge BIOS –14G R640, R740, R840	Versions prior to 2.21.2	Version 2.21.2	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –15G R650 and R750	Versions prior to 1.14.1	Version 1.14.1	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –15G AMD R6525	Versions prior to 2.15.2	Version 2.15.2	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –16G R660 and R760	Versions prior to 2.2.7	Version 2.2.7	Downloads (in case of upgrade using OME)
PowerFlex Custom Node	Dell PowerEdge BIOS –16G AMD R6625 and R7625	Versions prior to 1.8.3	Version 1.8.3	Downloads (in case of upgrade using OME)

In the case of manual upgrade for VxFlex Ready Note, please see this link: https://www.dell.com/support/home/en-us/product-support/product/scaleio-ready-node--poweredge-14g/docs

In the case of manual upgrade for PowerFlex custom node, please see this link: https://www.dell.com/support/home/product-support/product/powerflex-custom-node/docs

Revision History

Revision	Date	Description
1.0	2024-11-06	Initial Release

Related Information

Legal Disclaimer

Affected Products

VxFlex Ready Nodes, PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525, PowerFlex custom node R660, PowerFlex custom node R6625, PowerFlex custom node R750, PowerFlex custom node R760 , PowerFlex custom node R7625, VxFlex Ready Node, VxFlex Ready Node R640, VxFlex Ready Node R740xd, VxFlex Ready Node R840 ...

Article Number: 000245285

Article Type: Dell Security Advisory

Last Modified: 06 Nov 2024

Check if your device is covered by Support Services.

DSA-2024-445: Security Update for Dell VxFlex Ready Node and PowerFlex Custom Node Multiple Third-Party Component Vulnerabilities

Summary: Dell VxFlex Ready Node and PowerFlex Custom Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

DSA-2024-445: Security Update for Dell VxFlex Ready Node and PowerFlex Custom Node Multiple Third-Party Component Vulnerabilities

Summary: Dell VxFlex Ready Node and PowerFlex Custom Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ... View More View Less

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Summary: Dell VxFlex Ready Node and PowerFlex Custom Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ...