DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities
摘要: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Medium
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
受影响的产品和补救措施
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
修订历史记录
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial release |
| 2.0 | 2024-07-31 | Formatting changes only. No changes to content. |
相关信息
法律免责声明
受影响的产品
iDRAC Service Module文章属性
文章编号: 000227444
文章类型: Dell Security Advisory
上次修改时间: 31 7月 2024
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。