DSA-2024-039: Security Update for Dell AMD-based PowerEdge Server Vulnerability
Summary: Dell PowerEdge Server remediation is available for AMD Server vulnerability that could be exploited by malicious users to compromise the affected systems.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0171 | Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | 5.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0171 | Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | 5.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerEdge R6615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6615/drivers |
| PowerEdge R7615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7615/drivers |
| PowerEdge R6625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6625/drivers |
| PowerEdge R7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7625/drivers |
| PowerEdge C6615 | BIOS | Versions prior to 1.3.3 | Version 1.3.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-c6615/drivers |
| Dell XC Core XC7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/dell-xc7625-core/drivers |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerEdge R6615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6615/drivers |
| PowerEdge R7615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7615/drivers |
| PowerEdge R6625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6625/drivers |
| PowerEdge R7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7625/drivers |
| PowerEdge C6615 | BIOS | Versions prior to 1.3.3 | Version 1.3.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-c6615/drivers |
| Dell XC Core XC7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/dell-xc7625-core/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-06-24 | Initial release |
| 2.0 | 2024-11-08 | Format update with no content change |
Related Information
Legal Disclaimer
Affected Products
Dell XC Core XC7625, PowerEdge C6615, PowerEdge R6615, PowerEdge R6625, PowerEdge R7615, PowerEdge R7625Article Properties
Article Number: 000226253
Article Type: Dell Security Advisory
Last Modified: 11 Nov 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.