CVE-2021-21555
14.06.2021, 19:15
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | poweredge_r640_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_r740_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_r740xd_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_r940_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_r840_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_r940xa_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_t640_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_mx740c_firmware | 𝑥 < 2.11.2 |
| dell | poweredge_mx840c_firmware | 𝑥 < 2.11.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.