DSA-2021-121: Dell Client Platform Security Update for BIOS Vulnerabilities

요약: Dell Client BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected systems.

이 문서는 다음에 적용됩니다. 이 문서는 다음에 적용되지 않습니다. 이 문서는 특정 제품과 관련이 없습니다. 모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
기타 리소스 확인

영향

High

세부 정보

Proprietary Code CVEs
 		 Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Proprietary Code CVEs
 		 Description CVSS Base Score CVSS Vector String
CVE-2021-21554
  • Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
CVE-2021-21557
  • Dell PowerEdge Server and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Dell Technologies는 모든 고객이 CVSS 기본 점수와 관련 임시 및 환경 점수를 모두 고려할 것을 권장합니다. 이 경우 특정 보안 취약성과 관련된 잠재적인 심각도에 영향을 미칠 수 있습니다.

영향을 받는 제품 및 문제 해결

Product Update Version (or later) Release Date (MM/DD/YYYY)
Precision 7910 Rack 2.11.2 (addresses CVE-2021-21557) 06/07/2021
Precision 7920 Rack 2.11.2 (addresses CVE-2021-21557 and CVE-2021-21554)
2.9.4 (addresses CVE-2021-21554)
 		 06/07/2021 (2.11.2)
02/12/2021 (2.9.4)
 

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Product Update Version (or later) Release Date (MM/DD/YYYY)
Precision 7910 Rack 2.11.2 (addresses CVE-2021-21557) 06/07/2021
Precision 7920 Rack 2.11.2 (addresses CVE-2021-21557 and CVE-2021-21554)
2.9.4 (addresses CVE-2021-21554)
 		 06/07/2021 (2.11.2)
02/12/2021 (2.9.4)
 

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

개정 내역

RevisionDateDescription
1.02021-06-10Initial release

감사의 말

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.
 

관련 정보

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

법적 고지 사항

해당 제품

Precision 7920 Rack, Precision Rack 7910

제품

Product Security Information
문서 속성
문서 번호: 000188134
문서 유형: Dell Security Advisory
마지막 수정 시간: 18 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.