CVE-2024-0162

MEDIUM

5.3

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack VectorLOCAL

ComplexityHIGH

Privileges RequiredLOW

User InteractionNONE

Published3/13/2024

Last Modified2/4/2025

Sourcenvd

Honeypot Sightings0

Affected Products

dell:emc_xc_core_xc450dell:emc_xc_core_xc450_firmwaredell:emc_xc_core_xc650dell:emc_xc_core_xc650_firmwaredell:emc_xc_core_xc6520dell:emc_xc_core_xc6520_firmwaredell:emc_xc_core_xc750dell:emc_xc_core_xc750_firmwaredell:emc_xc_core_xc750xadell:emc_xc_core_xc750xa_firmwaredell:emc_xc_core_xc7525dell:emc_xc_core_xc7525_firmwaredell:poweredge_c6520dell:poweredge_c6520_firmwaredell:poweredge_c6525dell:poweredge_c6525_firmwaredell:poweredge_c6615dell:poweredge_c6615_firmwaredell:poweredge_c6620dell:poweredge_c6620_firmwaredell:poweredge_hs5610dell:poweredge_hs5610_firmwaredell:poweredge_hs5620dell:poweredge_hs5620_firmwaredell:poweredge_mx750cdell:poweredge_mx750c_firmwaredell:poweredge_mx760cdell:poweredge_mx760c_firmwaredell:poweredge_r250dell:poweredge_r250_firmwaredell:poweredge_r350dell:poweredge_r350_firmwaredell:poweredge_r450dell:poweredge_r450_firmwaredell:poweredge_r550dell:poweredge_r550_firmwaredell:poweredge_r650dell:poweredge_r650_firmwaredell:poweredge_r650xsdell:poweredge_r650xs_firmwaredell:poweredge_r6515dell:poweredge_r6515_firmwaredell:poweredge_r6525dell:poweredge_r6525_firmwaredell:poweredge_r660dell:poweredge_r660_firmwaredell:poweredge_r660xsdell:poweredge_r660xs_firmwaredell:poweredge_r6615dell:poweredge_r6615_firmwaredell:poweredge_r6625dell:poweredge_r6625_firmwaredell:poweredge_r750dell:poweredge_r750_firmwaredell:poweredge_r750xadell:poweredge_r750xa_firmwaredell:poweredge_r750xsdell:poweredge_r750xs_firmwaredell:poweredge_r7515dell:poweredge_r7515_firmwaredell:poweredge_r7525dell:poweredge_r7525_firmwaredell:poweredge_r760dell:poweredge_r760_firmwaredell:poweredge_r760xadell:poweredge_r760xa_firmwaredell:poweredge_r760xd2dell:poweredge_r760xd2_firmwaredell:poweredge_r760xsdell:poweredge_r760xs_firmwaredell:poweredge_r7615dell:poweredge_r7615_firmwaredell:poweredge_r7625dell:poweredge_r7625_firmwaredell:poweredge_r860dell:poweredge_r860_firmwaredell:poweredge_r960dell:poweredge_r960_firmwaredell:poweredge_t150dell:poweredge_t150_firmwaredell:poweredge_t350dell:poweredge_t350_firmwaredell:poweredge_t550dell:poweredge_t550_firmwaredell:poweredge_t560dell:poweredge_t560_firmwaredell:poweredge_xe8545dell:poweredge_xe8545_firmwaredell:poweredge_xe8640dell:poweredge_xe8640_firmwaredell:poweredge_xe9640dell:poweredge_xe9640_firmwaredell:poweredge_xe9680dell:poweredge_xe9680_firmwaredell:poweredge_xr11dell:poweredge_xr11_firmwaredell:poweredge_xr12dell:poweredge_xr12_firmwaredell:poweredge_xr4510cdell:poweredge_xr4510c_firmwaredell:poweredge_xr4520cdell:poweredge_xr4520c_firmwaredell:poweredge_xr5610dell:poweredge_xr5610_firmwaredell:poweredge_xr7620dell:poweredge_xr7620_firmwaredell:poweredge_xr8610tdell:poweredge_xr8610t_firmwaredell:poweredge_xr8620tdell:poweredge_xr8620t_firmwaredell:xc_core_xc660dell:xc_core_xc660_firmwaredell:xc_core_xc760dell:xc_core_xc760_firmwaredell:xc_core_xc7625dell:xc_core_xc7625_firmware

Weaknesses (CWE)

CWE-119CWE-787

References

https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability(security_alert@emc.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.