DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities
摘要: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
受影響的產品與補救措施
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
修訂歷史記錄
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial release |
| 2.0 | 2024-07-31 | Formatting changes only. No changes to content. |
相關資訊
法律免責聲明
受影響的產品
iDRAC Service Module文章屬性
文章編號: 000227444
文章類型: Dell Security Advisory
上次修改時間: 31 7月 2024
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。