DSA-2024-006: 不適切なSMM通信バッファー検証の脆弱性に対するDell PowerEdgeサーバーBIOSのセキュリティ アップデート
Summary: Dell PowerEdgeサーバーBIOSの修復は、影響を受けるシステムを侵害するために悪意のあるユーザーによって悪用される可能性のある不適切なSMM通信バッファー検証の脆弱性に対して利用できます。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| 専用コードCVE | 説明 | CVSS基本スコア | CVSS Vector文字列 |
|---|---|---|---|
| CVE-2024-0161 | Dell PowerEdgeサーバーBIOSおよびDell Precision Rack BIOSには、不適切なSMM通信バッファー検証の脆弱性が含まれています。権限の低いローカルの攻撃者がこの脆弱性を悪用し、SMRAMに任意の書き込みをする可能性があります。 | 7.2 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H |
| 専用コードCVE | 説明 | CVSS基本スコア | CVSS Vector文字列 |
|---|---|---|---|
| CVE-2024-0161 | Dell PowerEdgeサーバーBIOSおよびDell Precision Rack BIOSには、不適切なSMM通信バッファー検証の脆弱性が含まれています。権限の低いローカルの攻撃者がこの脆弱性を悪用し、SMRAMに任意の書き込みをする可能性があります。 | 7.2 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H |
Affected Products & Remediation
上記の「対象製品と修復」の表は、サポート対象のすべてのバージョンを網羅したリストではない可能性があり、詳細情報が公開された時点で更新される可能性があります。
Workarounds & Mitigations
なし
Revision History
| リビジョン | 日付 | 説明 |
|---|---|---|
| 1.0 | 2024-03-12 | イニシャル リリース |
| 2.0を切り替える方法 | 2024-03-13 |
|
| 3.0 | 2024-03-18 |
|
| 4.0 | 2024-03-21 |
|
| 5.0 | 2024-04-09 |
|
| 6.0 | 2024-06-13 | 内容を変更せずにプレゼンテーションを強化するために更新しました |
Acknowledgements
この問題の報告は、codebreaker1337 氏および BUPT の schur 氏、Dubhe Lab 氏にお礼申し上げます。
Related Information
Legal Disclaimer
Affected Products
DSS 8440, Dell EMC XC Core XCXR2, Dell EMC XC Core XC450, Dell EMC XC Core XC650, Dell EMC XC Core XC6520, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC750, Dell EMC XC Core XC750xa, Dell XC430 Hyper-converged Appliance
, Dell XC630 Hyper-converged Appliance, Dell XC6320 Hyper-converged Appliance, Dell EMC XC Core XC640 System, Dell EMC XC Core 6420 System, Dell XC730 Hyper-converged Appliance, Dell XC730XD Hyper-converged Appliance, Dell EMC XC Core XC740xd System, Dell EMC XC Core XC940 System, PowerEdge XR2, PowerEdge C4130, Poweredge C4140, PowerEdge c6320, PowerEdge C6420, PowerEdge C6520, Poweredge FC430, Poweredge FC630, PowerEdge FC640, Poweredge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX840C, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R360, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R650, PowerEdge R650xs, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T150, PowerEdge T330, PowerEdge T350, PowerEdge T360, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XR11, PowerEdge XR12, PowerEdge XR4510c, PowerEdge XR4520c, Dell Storage NX3230, Dell EMC Storage NX3240, Dell Storage NX3330, Dell EMC Storage NX3340, Dell Storage NX430
...
Article Properties
Article Number: 000222979
Article Type: Dell Security Advisory
Last Modified: 30 Jun 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.