CVE-2024-38304

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Configurations

Configuration 1

AND
cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:dell:poweredge_m640_\(for_pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640_\(for_pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*

Configuration 27

AND
cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*

Configuration 28

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 29

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 30

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 31

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

History

20 Dec 2024, 14:41

Type Values Removed Values Added
First Time Dell poweredge R740xd2
Dell poweredge M640 \(for Pe Vrtx\)
Dell poweredge Mx840c Firmware
Dell poweredge R940xa
Dell poweredge Xe2420
Dell poweredge R540
Dell emc Storage Nx3340
Dell emc Xc Core Xcxr2
Dell poweredge R840
Dell poweredge R640 Firmware
Dell emc Xc Core Xc740xd System Firmware
Dell poweredge R440 Firmware
Dell poweredge M640 \(for Pe Vrtx\) Firmware
Dell dss 8440
Dell emc Xc Core Xc740xd System
Dell emc Storage Nx3240 Firmware
Dell emc Xc Core Xcxr2 Firmware
Dell poweredge R640
Dell poweredge C4140 Firmware
Dell poweredge R740
Dell poweredge T440
Dell emc Storage Nx3240
Dell poweredge Fc640 Firmware
Dell emc Xc Core Xc640 System Firmware
Dell poweredge Fc640
Dell poweredge Mx740c
Dell emc Xc Core Xc640 System
Dell poweredge Xe2420 Firmware
Dell emc Storage Nx3340 Firmware
Dell poweredge C4140
Dell emc Xc Core Xc940 System
Dell poweredge Xe7440 Firmware
Dell poweredge Xe7420
Dell poweredge C6420 Firmware
Dell emc Xc Core Xc740xd2 Firmware
Dell emc Xc Core Xc940 System Firmware
Dell poweredge Mx740c Firmware
Dell poweredge M640 Firmware
Dell poweredge C6420
Dell poweredge M640
Dell poweredge R940
Dell poweredge R440
Dell emc Xc Core 6420 System
Dell emc Xc Core 6420 System Firmware
Dell poweredge T440 Firmware
Dell poweredge Xr2 Firmware
Dell poweredge T640
Dell poweredge R740xd
Dell poweredge Xr2
Dell poweredge Mx840c
Dell poweredge R740xd Firmware
Dell poweredge T640 Firmware
Dell
Dell poweredge R940 Firmware
Dell poweredge R540 Firmware
Dell poweredge R740 Firmware
Dell dss 8440 Firmware
Dell poweredge R840 Firmware
Dell poweredge R740xd2 Firmware
Dell emc Xc Core Xc740xd2
Dell poweredge R940xa Firmware
Dell poweredge Xe7440
Dell poweredge Xe7420 Firmware
References
  Removed: https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability
  Added: https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability - Vendor Advisory
CPE cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640_\(for_pe_vrtx\):-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m640_\(for_pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other
Summary
  • (es) Dell PowerEdge Platform, 14G Intel BIOS version prior to 2.22.x, contains an access of memory location after end of buffer vulnerability. A low-privileged attacker with local access could exploit this vulnerability, leading to information disclosure.

29 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 11:15

Updated : 2024-12-20 14:41



Products Affected

dell

  • emc_xc_core_xc740xd2
  • emc_xc_core_xc740xd2_firmware
  • poweredge_mx840c
  • emc_xc_core_xc640_system
  • poweredge_c6420
  • emc_xc_core_xc740xd_system
  • poweredge_xe2420
  • poweredge_xe7420_firmware
  • emc_storage_nx3340_firmware
  • dss_8440_firmware
  • poweredge_xe7420
  • poweredge_m640_firmware
  • poweredge_r940xa
  • poweredge_mx740c
  • poweredge_t440_firmware
  • emc_xc_core_xc640_system_firmware
  • poweredge_t640_firmware
  • poweredge_r740xd2_firmware
  • poweredge_r740xd
  • emc_storage_nx3340
  • poweredge_r940
  • poweredge_mx740c_firmware
  • poweredge_r740
  • poweredge_xr2
  • poweredge_m640
  • emc_xc_core_xcxr2_firmware
  • poweredge_xe7440_firmware
  • emc_xc_core_xc740xd_system_firmware
  • poweredge_xe2420_firmware
  • poweredge_c6420_firmware
  • poweredge_xe7440
  • emc_xc_core_xc940_system_firmware
  • poweredge_c4140
  • poweredge_r940xa_firmware
  • poweredge_xr2_firmware
  • poweredge_c4140_firmware
  • poweredge_m640_\(for_pe_vrtx\)_firmware
  • poweredge_r440_firmware
  • poweredge_t640
  • poweredge_r440
  • poweredge_r640_firmware
  • poweredge_mx840c_firmware
  • emc_xc_core_6420_system
  • poweredge_fc640_firmware
  • poweredge_r740xd_firmware
  • poweredge_r740xd2
  • poweredge_fc640
  • emc_xc_core_xcxr2
  • poweredge_r540
  • emc_xc_core_6420_system_firmware
  • poweredge_r740_firmware
  • emc_storage_nx3240_firmware
  • emc_xc_core_xc940_system
  • poweredge_r640
  • poweredge_r840
  • poweredge_t440
  • poweredge_r940_firmware
  • poweredge_r840_firmware
  • dss_8440
  • poweredge_m640_\(for_pe_vrtx\)
  • emc_storage_nx3240
  • poweredge_r540_firmware
CWE
CWE-788: Access of Memory Location After End of Buffer

NVD-CWE-Other