CVE-2024-0162

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
dellCNA
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
dellpoweredge_r660_firmware
𝑥
< 2.0.0
dellpoweredge_r760_firmware
𝑥
< 2.0.0
dellpoweredge_c6620_firmware
𝑥
< 2.0.0
dellpoweredge_mx760c_firmware
𝑥
< 2.0.0
dellpoweredge_r860_firmware
𝑥
< 1.8.0
dellpoweredge_r960_firmware
𝑥
< 1.8.0
dellpoweredge_hs5610_firmware
𝑥
< 2.0.0
dellpoweredge_hs5620_firmware
𝑥
< 2.0.0
dellpoweredge_r660xs_firmware
𝑥
< 2.0.0
dellpoweredge_r760xs_firmware
𝑥
< 2.0.0
dellpoweredge_r760xd2_firmware
𝑥
< 2.0.0
dellpoweredge_t560_firmware
𝑥
< 2.0.0
dellpoweredge_r760xa_firmware
𝑥
< 2.0.0
dellpoweredge_xe9680_firmware
𝑥
< 1.8.0
dellpoweredge_xr5610_firmware
𝑥
< 1.8.0
dellpoweredge_xr8610t_firmware
𝑥
< 1.8.0
dellpoweredge_xr8620t_firmware
𝑥
< 1.8.0
dellpoweredge_xr7620_firmware
𝑥
< 1.8.0
dellpoweredge_xe8640_firmware
𝑥
< 1.8.0
dellpoweredge_xe9640_firmware
𝑥
< 1.8.0
dellpoweredge_r6615_firmware
𝑥
< 1.7.2
dellpoweredge_r7615_firmware
𝑥
< 1.7.2
dellpoweredge_r6625_firmware
𝑥
< 1.7.2
dellpoweredge_r7625_firmware
𝑥
< 1.7.2
dellpoweredge_c6615_firmware
𝑥
< 1.2.3
dellpoweredge_r650_firmware
𝑥
< 1.13.2
dellpoweredge_r750_firmware
𝑥
< 1.13.2
dellpoweredge_r750xa_firmware
𝑥
< 1.13.2
dellpoweredge_c6520_firmware
𝑥
< 1.13.2
dellpoweredge_mx750c_firmware
𝑥
< 1.13.2
dellpoweredge_r550_firmware
𝑥
< 1.13.2
dellpoweredge_r450_firmware
𝑥
< 1.13.2
dellpoweredge_r650xs_firmware
𝑥
< 1.13.2
dellpoweredge_r750xs_firmware
𝑥
< 1.13.2
dellpoweredge_t550_firmware
𝑥
< 1.13.2
dellpoweredge_xr11_firmware
𝑥
< 1.13.2
dellpoweredge_xr12_firmware
𝑥
< 1.13.2
dellpoweredge_t150_firmware
𝑥
< 1.9.1
dellpoweredge_t350_firmware
𝑥
< 1.9.1
dellpoweredge_r250_firmware
𝑥
< 1.9.1
dellpoweredge_r350_firmware
𝑥
< 1.9.1
dellpoweredge_xr4510c_firmware
𝑥
< 1.14.1
dellpoweredge_xr4520c_firmware
𝑥
< 1.14.1
dellpoweredge_r6515_firmware
𝑥
< 2.14.1
dellpoweredge_r6525_firmware
𝑥
< 2.14.1
dellpoweredge_r7515_firmware
𝑥
< 2.14.1
dellpoweredge_r7525_firmware
𝑥
< 2.14.1
dellpoweredge_c6525_firmware
𝑥
< 2.14.1
dellpoweredge_xe8545_firmware
𝑥
< 2.14.1
dellxc_core_xc660_firmware
𝑥
< 2.0.0
dellxc_core_xc760_firmware
𝑥
< 2.0.0
dellxc_core_xc7625_firmware
𝑥
< 1.7.2
dellemc_xc_core_xc450_firmware
𝑥
< 1.13.2
dellemc_xc_core_xc650_firmware
𝑥
< 1.13.2
dellemc_xc_core_xc750_firmware
𝑥
< 1.13.2
dellemc_xc_core_xc750xa_firmware
𝑥
< 1.13.2
dellemc_xc_core_xc6520_firmware
𝑥
< 1.13.2
dellemc_xc_core_xc7525_firmware
𝑥
< 2.14.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability
https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability