DSA-2026-086: Security Update for Dell Avamar Data Store Gen5A Multiple Third-Party Component Vulnerabilities
Resumo: Dell Avamar Data Store Gen5A remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Impacto
High
Dados
| Third-party Component | CVEs | More Information |
| Dell Server PowerEdge BIOS R740xd | CVE-2024-28047 | DSA-2025-041 |
| Intel X710 NIC | CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | DSA-2025-324, DSA-2025-430 |
| Integrated Dell Remote Access Controller (iDRAC) | CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | DSA-2025-297 |
Produtos afetados e soluções
| CVEs | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-28047 | Dell Avamar Data Store Gen5A | Dell Server PowerEdge BIOS R740xd | Versions prior to 2.25.0 | Version 2.25.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | Dell Avamar Data Store Gen5A | Intel X710 NIC | Version prior to 24.0.0 | Version 24.0.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | Dell Avamar Data Store Gen5A | Integrated Dell Remote Access Controller (iDRAC) | Version prior to 7.00.00.183 | Version 7.00.00.183 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVEs | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2024-28047 | Dell Avamar Data Store Gen5A | Dell Server PowerEdge BIOS R740xd | Versions prior to 2.25.0 | Version 2.25.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-24486, CVE-2025-25273, CVE-2025-21086, CVE-2025-26863, CVE-2025-26697, CVE-2025-24511, CVE-2025-31146 | Dell Avamar Data Store Gen5A | Intel X710 NIC | Version prior to 24.0.0 | Version 24.0.0 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
| CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 | Dell Avamar Data Store Gen5A | Integrated Dell Remote Access Controller (iDRAC) | Version prior to 7.00.00.183 | Version 7.00.00.183 | Avamar Gen5a Jan 2026 firmware block (Hotfix 952820) |
Notes:
- The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediated in this cumulative update, including both recent and previously identified vulnerabilities.
- To schedule a platform security patch installation or server upgrade, please contact Dell Customer Support. Dell recommends upgrading the latest release/version of your product.
- For a detailed example of how to apply an AVP-based hotfix, refer to KB 000069982: How to install an Avamar .avp hotfix using Avamar Installer (AVI).
Known Issue:
- Upgrading directly to the January 2026 firmware, which includes BIOS 2.25.0, may fail on systems running BIOS versions prior to 2.12.2, due to compatibility constraints.
Required Action:
- To verify the BIOS version, run the following command in the Avamar console as an admin/root user:
omreport system version
If the BIOS version is earlier than 2.12.2 contact Dell Customer Support to apply the September 2021 firmware block (AVP: Gen5aSep2021Blk338753.avp) before installing the January 2026 firmware.
Soluções temporárias e atenuações
None
Histórico de revisão
| Revision | Date | Description |
| 1.0 | 2026-03-10 | Initial Release |
| 2.0 | 2026-04-29 | CVE-2025-20064, CVE-2025-20028, CVE-2025-20027 added to DSA |
Informações relacionadas
Aviso de isenção legal
Produtos afetados
Avamar, Avamar Data Store, Avamar Data Store Gen5A, Avamar ServerPropriedades do artigo
Número do artigo: 000437829
Tipo de artigo: Dell Security Advisory
Último modificado: 29 abr. 2026
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.