DSA-2021-121: Dell Client Platform Security Update for BIOS Vulnerabilities

Summary: Dell Client BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected systems.


Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-21554 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L |
| CVE-2021-21557 | Dell PowerEdge Server and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. | 8.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L |

Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

| Product | Update Version (or later) | Release Date (MM/DD/YYYY) |
|---|---|---|
| Precision 7910 Rack | 2.11.2 (addresses CVE-2021-21557) | 06/07/2021 |
| Precision 7920 Rack | 2.11.2 (addresses CVE-2021-21557 and CVE-2021-21554) | 06/07/2021 |
| Precision 7920 Rack | 2.9.4 (addresses CVE-2021-21554) | 02/12/2021 |

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-06-10 | Initial release |

Acknowledgements

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.
 

Related Information

Affected Products

Precision 7920 Rack, Precision Rack 7910

Products

Product Security Information

Article Properties

Article Number: 000188134
Article Type: Dell Security Advisory
Last Modified: 18 Sep 2025