DSA-2021-121: Dell Client Platform Security Update for BIOS Vulnerabilities

Summary: Dell Client BIOS remediation is available for multiple security vulnerabilities in the BIOS that may be exploited by malicious users to compromise the affected systems.

This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

Proprietary Code CVEs

CVE-2021-21554
  • Description: Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in the UEFI or BIOS Preboot Environment.
  • CVSS Base Score: 6.1
  • CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

CVE-2021-21557
  • Description: Dell PowerEdge Server and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
  • CVSS Base Score: 8.1
  • CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Precision 7910 Rack
  • Update Version (or later): 2.11.2 (addresses CVE-2021-21557)
  • Release Date (MM/DD/YYYY): 06/07/2021

Product: Precision 7920 Rack
  • Update Version (or later): 2.11.2 (addresses CVE-2021-21557 and CVE-2021-21554); Release Date (MM/DD/YYYY): 06/07/2021
  • Update Version (or later): 2.9.4 (addresses CVE-2021-21554); Release Date (MM/DD/YYYY): 02/12/2021

Note:
  • The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revision History

Revision 1.0, 2021-06-10: Initial release

Acknowledgements

Dell Technologies would like to thank Alexander Tereshkin and Alexander Matrosov of NVIDIA Product Security Team for reporting these issues.
 

Related Information

Affected Products

Precision 7920 Rack, Precision Rack 7910

Products

Product Security Information
Article Properties
Article Number: 000188134
Article Type: Dell Security Advisory
Last Modified: 18 Sep 2025