
Article Number: 000187958


DSA-2021-103: Dell PowerEdge Server Security Update for BIOS Vulnerabilities

Summary: Dell PowerEdge Server BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected system.

Article content


Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-21554 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L |
| CVE-2021-21555 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L |
| CVE-2021-21556 | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L |
| CVE-2021-21557 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. | 8.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L |

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

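| CVEs Addressed | Product | Affected Versions | Updated Versions and Newer | Link to Update |
|---|---|---|---|---|
| CVE-2021-21554 | R640 | Before 2.9.4 | 2.9.4 | R640 Drivers & Downloads |
| CVE-2021-21554 | R740 | Before 2.9.4 | 2.9.4 | R740 Drivers & Downloads |
| CVE-2021-21554 | R740XD | Before 2.9.4 | 2.9.4 | R740XD Drivers & Downloads |
| CVE-2021-21554 | R940 | Before 2.9.4 | 2.9.4 | R940 Drivers & Downloads |
| CVE-2021-21554 | R840 | Before 2.9.4 | 2.9.4 | R840 Drivers & Downloads |
| CVE-2021-21554 | R940XA | Before 2.9.4 | 2.9.4 | R940XA Drivers & Downloads |
| CVE-2021-21554 | MX740C | Before 2.9.4 | 2.9.4 | MX740C Drivers & Downloads |
| CVE-2021-21554 | MX840C | Before 2.9.4 | 2.9.4 | MX840C Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R640 | Before 2.11.2 | 2.11.2 | R640 Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R740 | Before 2.11.2 | 2.11.2 | R740 Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R740XD | Before 2.11.2 | 2.11.2 | R740XD Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R940 | Before 2.11.2 | 2.11.2 | R940 Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R840 | Before 2.11.2 | 2.11.2 | R840 Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | R940XA | Before 2.11.2 | 2.11.2 | R940XA Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | T640 | Before 2.11.2 | 2.11.2 | T640 Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | MX740C | Before 2.11.2 | 2.11.2 | MX740C Drivers & Downloads |
| CVE-2021-21555, CVE-2021-21556 | MX840C | Before 2.11.2 | 2.11.2 | MX840C Drivers & Downloads |
| CVE-2021-21557 | R640 | Before 2.11.2 | 2.11.2 | R640 Drivers & Downloads |
| CVE-2021-21557 | R740 | Before 2.11.2 | 2.11.2 | R740 Drivers & Downloads |
| CVE-2021-21557 | R740XD | Before 2.11.2 | 2.11.2 | R740XD Drivers & Downloads |
| CVE-2021-21557 | R940 | Before 2.11.2 | 2.11.2 | R940 Drivers & Downloads |
| CVE-2021-21557 | R540 | Before 2.11.2 | 2.11.2 | R540 Drivers & Downloads |
| CVE-2021-21557 | R440 | Before 2.11.2 | 2.11.2 | R440 Drivers & Downloads |
| CVE-2021-21557 | T440 | Before 2.11.2 | 2.11.2 | T440 Drivers & Downloads |
| CVE-2021-21557 | XR2 | Before 2.11.2 | 2.11.2 | XR2 Drivers & Downloads |
| CVE-2021-21557 | R740XD2 | Before 2.11.2 | 2.11.2 | R740XD2 Drivers & Downloads |
| CVE-2021-21557 | R840 | Before 2.11.2 | 2.11.2 | R840 Drivers & Downloads |
| CVE-2021-21557 | R940XA | Before 2.11.2 | 2.11.2 | R940XA Drivers & Downloads |
| CVE-2021-21557 | T640 | Before 2.11.2 | 2.11.2 | T640 Drivers & Downloads |
| CVE-2021-21557 | C6420 | Before 2.11.2 |  | C6420 Drivers & Downloads |
| CVE-2021-21557 | FC640 | Before 2.11.2 | 2.11.2 | FC640 Drivers & Downloads |
| CVE-2021-21557 | M640 | Before 2.11.2 | 2.11.2 | M640 Drivers & Downloads |
| CVE-2021-21557 | M640P | Before 2.11.2 | 2.11.2 | M640P Drivers & Downloads |
| CVE-2021-21557 | MX740C | Before 2.11.2 | 2.11.2 | MX740C Drivers & Downloads |
| CVE-2021-21557 | MX840C | Before 2.11.2 | 2.11.2 | MX840C Drivers & Downloads |
| CVE-2021-21557 | C4140 | Before 2.11.2 | 2.11.2 | C4140 Drivers & Downloads |
| CVE-2021-21557 | T140 | Before 2.5.1 | 2.5.1 | T140 Drivers & Downloads |
| CVE-2021-21557 | T340 | Before 2.5.1 | 2.5.1 | T340 Drivers & Downloads |
| CVE-2021-21557 | R240 | Before 2.5.1 | 2.5.1 | R240 Drivers & Downloads |
| CVE-2021-21557 | R340 | Before 2.5.1 | 2.5.1 | R340 Drivers & Downloads |
| CVE-2021-21557 | R6415 | Before 1.16.1 | 1.16.1 | R6415 Drivers & Downloads |
| CVE-2021-21557 | R7415 | Before 1.16.1 | 1.16.1 | R7415 Drivers & Downloads |
| CVE-2021-21557 | R7425 | Before 1.16.1 | 1.16.1 | R7425 Drivers & Downloads |
| CVE-2021-21557 | R6515 | Before 2.2.4 | 2.2.4 | R6515 Drivers & Downloads |
| CVE-2021-21557 | R7515 | Before 2.2.4 | 2.2.4 | R7515 Drivers & Downloads |
| CVE-2021-21557 | R6525 | Before 2.2.5 | 2.2.5 | R6525 Drivers & Downloads |
| CVE-2021-21557 | R7525 | Before 2.2.5 | 2.2.5 | R7525 Drivers & Downloads |
| CVE-2021-21557 | C6525 | Before 2.2.4 | 2.2.4 | C6525 Drivers & Downloads |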

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
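
As an added example (not part of the Dell advisory), the table above can be turned into a fleet triage check that also honours the memory-type conditions in the CVE descriptions. The inventory field names (`host`, `model`, `bios`, `dimms`) and the DIMM labels `optane` and `nvdimm-n` are assumptions; map them to whatever your asset inventory reports.

```python
# Added example, not Dell code. Model groups and "Before X" thresholds are
# copied from the advisory table; inventory field names are assumptions.
PMEM_MODELS = "R640 R740 R740XD R940 R840 R940XA MX740C MX840C".split()

# (CVE ids, DIMM type that must be installed or None, {"Before" version: models})
RULES = [
    (["CVE-2021-21554"], "optane", {"2.9.4": PMEM_MODELS}),
    (["CVE-2021-21555", "CVE-2021-21556"], "nvdimm-n",
     {"2.11.2": PMEM_MODELS + ["T640"]}),
    (["CVE-2021-21557"], None, {
        "2.11.2": PMEM_MODELS + ("T640 R540 R440 T440 XR2 R740XD2 C6420 "
                                 "FC640 M640 M640P C4140").split(),
        "2.5.1": "T140 T340 R240 R340".split(),
        "1.16.1": "R6415 R7415 R7425".split(),
        "2.2.4": "R6515 R7515 C6525".split(),
        "2.2.5": "R6525 R7525".split(),
    }),
]

def parse_version(text):
    """'2.11.2' -> (2, 11, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def open_cves(model, bios, dimms=()):
    """Return the advisory CVEs still open for one host."""
    model = model.upper().replace("POWEREDGE", "").strip()
    installed = parse_version(bios)
    present = {d.lower() for d in dimms}
    found = []
    for cves, dimm, thresholds in RULES:
        if dimm and dimm not in present:
            continue  # CVE only applies with this memory type installed
        for before, models in thresholds.items():
            if model in models and installed < parse_version(before):
                found.extend(cves)
    return found

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    {"host": "web01", "model": "R640", "bios": "2.8.2", "dimms": ["optane"]},
    {"host": "db02", "model": "PowerEdge R740xd", "bios": "2.10.0", "dimms": ["nvdimm-n"]},
    {"host": "amd03", "model": "R6525", "bios": "2.2.5"},
]

def triage(inventory):
    return {h["host"]: open_cves(h["model"], h["bios"], h.get("dimms", ())) for h in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, cves or "no listed CVE open")
```

An empty result only means the model and version are not listed as affected in this table, which the advisory says may not be comprehensive.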

Acknowledgements

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-06-08 | Initial release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Read and use the information in this Dell Technologies security advisory to avoid situations that could arise from the problems described herein. Dell Technologies distributes security advisories to share important security information with users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems. As a result, the stated risk may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine for themselves whether this information is applicable to their individual environments and take appropriate action. The information provided in this document is supplied "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers be liable for any damages arising from or related to the information in this document or actions you take based on it, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for incidental or consequential damages, so the foregoing applies to the extent permitted by law.

Article Properties


Affected Product

PowerEdge, PowerEdge XR2, PowerEdge C4140, PowerEdge C6420, PowerEdge C6525, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740c, PowerEdge MX840c, PowerEdge R240, PowerEdge R340, PowerEdge R440, PowerEdge R540, PowerEdge R640, PowerEdge R6415, PowerEdge R6515, PowerEdge R6525, PowerEdge R740, PowerEdge R740xd, PowerEdge R740xd2, PowerEdge R7415, PowerEdge R7425, PowerEdge R7515, PowerEdge R7525, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T140, PowerEdge T340, PowerEdge T440, PowerEdge T640, Product Security Information

Last Published Date

11 Jun 2021

Version

2

Article Type

Dell Security Advisory
