Dell Unity: Is Unity affected by CVE-2024-6409 Vulnerability (User Correctable)

Summary: This article details the susceptibility of Dell Unity to the vulnerabilities detailed in CVE-2024-6409.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Information on whether or not Dell Unity is vulnerable to CVE-2024-6409.

NVD - CVE-2024-6409This hyperlink is taking you to a website outside of Dell Technologies.

Cause

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Resolution

Unity should not be impacted as the mentioned CVE only impacts Openssh version above 8.7 and the current Unity OE version 5.4 runs Openssh 7.6.

CVE-2024-6409 Common Vulnerabilities and Exposures | SUSEThis hyperlink is taking you to a website outside of Dell Technologies.

Affected Products

Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition
Article Properties
Article Number: 000254342
Article Type: Solution
Last Modified: 17 Oct 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.