DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities
Sommaire: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Cet article s’applique à
Cet article ne s’applique pas à
Cet article n’est lié à aucun produit spécifique.
Toutes les versions de produits ne sont pas identifiées dans cet article.
Impact
Medium
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
Produits touchés et correction
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
Historique de révision
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial release |
| 2.0 | 2024-07-31 | Formatting changes only. No changes to content. |
Renseignements connexes
Avis de non-responsabilité
Produits touchés
iDRAC Service ModulePropriétés de l’article
Numéro d’article: 000227444
Type d’article: Dell Security Advisory
Dernière modification: 31 juill. 2024
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.