Article Number: 000222292
DSA-2024-033: Security Update for a Dell Digital Delivery Vulnerability
Summary: Dell Digital Delivery remediation is available for a Use After Free vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0155 | Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code. |
7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0155 | Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code. |
7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-0155 | Dell Digital Delivery | Versions prior to 5.0.86.0 | 5.0.86.0 | How to Download and Install Dell Digital Delivery |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-0155 | Dell Digital Delivery | Versions prior to 5.0.86.0 | 5.0.86.0 | How to Download and Install Dell Digital Delivery |
Acknowledgements
Dell Technologies would like to thank Yue Liu From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-01 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Utilities
Last Published Date
01 Mar 2024
Article Type
Dell Security Advisory