CVE-2024-25942

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25942
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.3 / Impact : 3.7

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:poweredge_m630_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630_\(pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:poweredge_m830_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830_\(pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-03-19 08:15

Updated : 2025-02-04 17:32

NVD link : CVE-2024-25942

Mitre link : CVE-2024-25942

CVE.ORG link : CVE-2024-25942

JSON object : View

Products Affected

dell

  • poweredge_r630
  • poweredge_m630
  • poweredge_m830_firmware
  • poweredge_c4130_firmware
  • xc730_firmware
  • xc630
  • poweredge_fc430_firmware
  • poweredge_r630_firmware
  • poweredge_t630
  • poweredge_c4130
  • poweredge_r930_firmware
  • xc6320
  • poweredge_r430
  • poweredge_r830_firmware
  • poweredge_m830_\(pe_vrtx\)_firmware
  • xc430_firmware
  • poweredge_r830
  • xc730xd_firmware
  • poweredge_r530
  • poweredge_c6320_firmware
  • poweredge_fc830
  • poweredge_r730_firmware
  • nx3330
  • poweredge_m630_firmware
  • nx3230
  • poweredge_r930
  • poweredge_fc430
  • poweredge_t630_firmware
  • poweredge_r730xd
  • poweredge_r530_firmware
  • nx3230_firmware
  • xc6320_firmware
  • poweredge_m630_\(pe_vrtx\)_firmware
  • poweredge_t430
  • poweredge_fc630_firmware
  • poweredge_fc830_firmware
  • nx3330_firmware
  • poweredge_m630_\(pe_vrtx\)
  • poweredge_fc630
  • xc730xd
  • poweredge_r730
  • poweredge_m830
  • poweredge_t430_firmware
  • poweredge_c6320
  • poweredge_r730xd_firmware
  • xc630_firmware
  • poweredge_r430_firmware
  • xc430
  • xc730
  • poweredge_m830_\(pe_vrtx\)
CWE
CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write