Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000187958


DSA-2021-103: Dell PowerEdge Server Security Update for BIOS Vulnerabilities

Summary: Dell PowerEdge Server BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21555
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

CVE-2021-21556
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21555
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

CVE-2021-21556
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Updated Versions and Newer Link to Update
CVE-2021-21554
 
R640 Before 2.9.4 2.9.4 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21555
CVE-2021-21556
R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 T640 Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21557
 
R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R540 Before 2.11.2 2.11.2 R540 Drivers & Downloads
R440 R440 Drivers & Downloads
T440 T440 Drivers & Downloads
XR2 XR2 Drivers & Downloads
R740XD2 Before 2.11.2 2.11.2 R740XD2 Drivers & Downloads
R840 Before 2.11.2 2.11.2
 
R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 Before 2.11.2 2.11.2 T640 Drivers & Downloads
C6420 Before 2.11.2   C6420 Drivers & Downloads
FC640 Before 2.11.2 2.11.2 FC640 Drivers & Downloads
M640 M640 Drivers & Downloads
M640P M640P Drivers & Downloads
MX740C Before 2.11.2 2.11.2 MX740C Drivers & Downloads
MX840C Before 2.11.2 2.11.2 MX840C Drivers & Downloads
C4140 Before 2.11.2 2.11.2 C4140 Drivers & Downloads
T140 Before 2.5.1 2.5.1 T140 Drivers & Downloads
T340 T340 Drivers & Downloads
R240 R240 Drivers & Downloads
R340 R340 Drivers & Downloads
R6415 Before 1.16.1 1.16.1 R6415 Drivers & Downloads
R7415 R7415 Drivers & Downloads
R7425 Before 1.16.1 1.16.1 R7425 Drivers & Downloads
R6515 Before 2.2.4 2.2.4 R6515 Drivers & Downloads
R7515 R7515 Drivers & Downloads
R6525 Before 2.2.5 2.2.5 R6525 Drivers & Downloads
R7525 R7525 Drivers & Downloads
C6525 Before 2.2.4 2.2.4 C6525 Drivers & Downloads

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions and Newer Link to Update
CVE-2021-21554
 
R640 Before 2.9.4 2.9.4 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21555
CVE-2021-21556
R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R840 R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 T640 Drivers & Downloads
MX740C MX740C Drivers & Downloads
MX840C MX840C Drivers & Downloads
CVE-2021-21557
 
R640 Before 2.11.2 2.11.2 R640 Drivers & Downloads
R740 R740 Drivers & Downloads
R740XD R740XD Drivers & Downloads
R940 R940 Drivers & Downloads
R540 Before 2.11.2 2.11.2 R540 Drivers & Downloads
R440 R440 Drivers & Downloads
T440 T440 Drivers & Downloads
XR2 XR2 Drivers & Downloads
R740XD2 Before 2.11.2 2.11.2 R740XD2 Drivers & Downloads
R840 Before 2.11.2 2.11.2
 
R840 Drivers & Downloads
R940XA R940XA Drivers & Downloads
T640 Before 2.11.2 2.11.2 T640 Drivers & Downloads
C6420 Before 2.11.2   C6420 Drivers & Downloads
FC640 Before 2.11.2 2.11.2 FC640 Drivers & Downloads
M640 M640 Drivers & Downloads
M640P M640P Drivers & Downloads
MX740C Before 2.11.2 2.11.2 MX740C Drivers & Downloads
MX840C Before 2.11.2 2.11.2 MX840C Drivers & Downloads
C4140 Before 2.11.2 2.11.2 C4140 Drivers & Downloads
T140 Before 2.5.1 2.5.1 T140 Drivers & Downloads
T340 T340 Drivers & Downloads
R240 R240 Drivers & Downloads
R340 R340 Drivers & Downloads
R6415 Before 1.16.1 1.16.1 R6415 Drivers & Downloads
R7415 R7415 Drivers & Downloads
R7425 Before 1.16.1 1.16.1 R7425 Drivers & Downloads
R6515 Before 2.2.4 2.2.4 R6515 Drivers & Downloads
R7515 R7515 Drivers & Downloads
R6525 Before 2.2.5 2.2.5 R6525 Drivers & Downloads
R7525 R7525 Drivers & Downloads
C6525 Before 2.2.4 2.2.4 C6525 Drivers & Downloads

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Acknowledgements

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.

Revision History

RevisionDateDescription
1.02021-06-08Initial release

Related Information


Article Properties


Affected Product
PowerEdge, PowerEdge XR2, Poweredge C4140, PowerEdge C6420, PowerEdge C6525, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX840C, PowerEdge R240, PowerEdge R340, PowerEdge R440, PowerEdge R540 , PowerEdge R640, PowerEdge R6415, PowerEdge R6515, PowerEdge R6525, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R7515, PowerEdge R7525, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T140, PowerEdge T340, PowerEdge T440, PowerEdge T640, Product Security Information ...
Last Published Date

11 Jun 2021

Version

2

Article Type

Dell Security Advisory