DSA-2024-034: Security Update for Dell PowerEdge Server BIOS for an Improper Parameter Initialization Vulnerability
Summary:Dell PowerEdge Server BIOS remediation is available for an improper parameter initialization vulnerability that could be exploited by malicious users to compromise the affected system.
Please select a product to check article relevancy
This article applies to This article does not apply toThis article is not tied to any specific product.Not all product versions are identified in this article.
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Due to updates to address a functional issue, the previous BIOS version 1.7.6 for 16G E5 platforms was replaced by 1.8.0. Dell recommends all customers update to BIOS version 1.8.0.
Workarounds & Mitigations
None
Revision History
Revision
Date
Description
1.0
2024-03-12
Initial release
2.0
2024-03-13
Updated the CVE description to add "Dell Precision Rack BIOS"
Updated the BIOS availability for DSS 8440, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440
Corrected the BIOS version for PowerEdge T130, PowerEdge R230, PowerEdge T330, PowerEdge R330, Dell Storage NX430
Updated release versions for 16G platforms due to BIOS re-spin.
Updated the wordings "Due to updates to address a functional issue, the previous BIOS version 1.7.6 for 16G E5 platforms was replaced by 1.8.0. Dell recommends all customers update to BIOS version 1.8.0." under the Additional Information section.
Added Dell EMC NX440 to the list of impacted products.
6.0
2024-04-09
Updated the downloadable links for DSS 8440, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440
Corrected the BIOS version for PowerEdge XE2420
7.0
2024-06-13
Updated for enhanced presentation with no changes to content
Acknowledgements
Dell would like to thank codebreaker1337 for reporting this issue.