Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/000187958 | Patch Vendor Advisory |
History
23 Jun 2021, 18:24
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS | v2 : v3 : | v2 : 7.2 v3 : 6.7 |
References | (CONFIRM) https://www.dell.com/support/kbdoc/000187958 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:precision_7920_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:* cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:* |
14 Jun 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-14 19:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-21554
Mitre link : CVE-2021-21554
CVE.ORG link : CVE-2021-21554
Products Affected
dell
- poweredge_mx740c_firmware
- poweredge_mx840c
- poweredge_r940xa
- poweredge_r740
- poweredge_r740_firmware
- poweredge_r940
- precision_7920_firmware
- poweredge_r940_firmware
- poweredge_r840_firmware
- poweredge_r840
- precision_7920
- poweredge_r640_firmware
- poweredge_r940xa_firmware
- poweredge_r640
- poweredge_r740xd_firmware
- poweredge_mx740c
- poweredge_mx840c_firmware
- poweredge_r740xd