CVE-2024-25942

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.4 MEDIUM | PHYSICAL | HIGH | HIGH | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L |
| dell | CNA | 4.4 MEDIUM | PHYSICAL | HIGH | HIGH | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score Percentile: 8%
| Vendor | Product | Vulnerable software versions |
|---|---|---|
| dell | poweredge_r730_firmware | < 2.19.0 |
| dell | poweredge_r730xd_firmware | < 2.19.0 |
| dell | poweredge_r630_firmware | < 2.19.0 |
| dell | poweredge_c4130_firmware | < 2.19.0 |
| dell | poweredge_r930_firmware | < 2.14.0 |
| dell | poweredge_m630_firmware | < 2.19.0 |
| dell | poweredge_m630_\(pe_vrtx\)_firmware | < 2.19.0 |
| dell | poweredge_fc630_firmware | < 2.19.0 |
| dell | poweredge_fc430_firmware | < 2.19.0 |
| dell | poweredge_m830_firmware | < 2.19.0 |
| dell | poweredge_m830_\(pe_vrtx\)_firmware | < 2.19.0 |
| dell | poweredge_fc830_firmware | < 2.19.0 |
| dell | poweredge_t630_firmware | < 2.19.0 |
| dell | poweredge_r530_firmware | < 2.19.0 |
| dell | poweredge_r430_firmware | < 2.19.0 |
| dell | poweredge_t430_firmware | < 2.19.0 |
| dell | poweredge_r830_firmware | < 1.19.0 |
| dell | poweredge_c6320_firmware | < 2.19.0 |
| dell | nx3230_firmware | < 2.19.0 |
| dell | nx3330_firmware | < 2.19.0 |
| dell | xc6320_firmware | < 2.19.0 |
| dell | xc430_firmware | < 2.19.0 |
| dell | xc630_firmware | < 2.19.0 |
| dell | xc730_firmware | < 2.19.0 |
| dell | xc730xd_firmware | < 2.19.0 |