DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities
Resumen: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a:
Este artículo no se aplica a:
Este artículo no está vinculado a ningún producto específico.
En este artículo no se identifican todas las versiones de los productos.
Impacto
Medium
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
Productos afectados y corrección
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial release |
| 2.0 | 2024-07-31 | Formatting changes only. No changes to content. |
Información relacionada
Aviso legal
Productos afectados
iDRAC Service ModulePropiedades del artículo
Número de artículo: 000227444
Tipo de artículo: Dell Security Advisory
Última modificación: 31 jul 2024
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.