Article Number: 000225476
DSA-2024-168: Security Update for Dell Client BIOS for an Out-of-Bounds Write Vulnerability
Summary: Dell Client BIOS remediation is available for an Out-of-Bounds Write Vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2024-28970 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | 4.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2024-28970 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | 4.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H |
Affected Products and Remediation
| Product | Software/Firmware | Affected Version | Remediated Version | Release Date (MM/DD/YYYY) | Link |
|---|---|---|---|---|---|
| Dell G7 7500 | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/30/2024 | Go to the Drivers & Downloads site for updates |
| Dell G7 7700 | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/30/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 14 Plus 7440 | BIOS | Versions prior to 1.6.0 | Versions 1.6.0 or later | 05/14/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 16 7640 2-in-1 | BIOS | Versions prior to 1.4.0 | Versions 1.4.0 or later | 05/09/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 16 Plus 7640 | BIOS | Versions prior to 1.6.0 | Versions 1.6.0 or later | 05/14/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 24 5420 All-in-One | BIOS | Versions prior to 1.11.0 | Versions 1.11.0 or later | 06/05/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 27 7720 All-in-One | BIOS | Versions prior to 1.11.0 | Versions 1.11.0 or later | 06/05/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5402 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5409 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5502 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5509 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Precision 3660 | BIOS | Versions prior to 2.14.0 | Versions 2.14.0 or later | 05/08/2024 | Go to the Drivers & Downloads site for updates |
| Vostro 5402 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Vostro 5502 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Product | Software/Firmware | Affected Version | Remediated Version | Release Date (MM/DD/YYYY) | Link |
|---|---|---|---|---|---|
| Dell G7 7500 | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/30/2024 | Go to the Drivers & Downloads site for updates |
| Dell G7 7700 | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/30/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 14 Plus 7440 | BIOS | Versions prior to 1.6.0 | Versions 1.6.0 or later | 05/14/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 16 7640 2-in-1 | BIOS | Versions prior to 1.4.0 | Versions 1.4.0 or later | 05/09/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 16 Plus 7640 | BIOS | Versions prior to 1.6.0 | Versions 1.6.0 or later | 05/14/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 24 5420 All-in-One | BIOS | Versions prior to 1.11.0 | Versions 1.11.0 or later | 06/05/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 27 7720 All-in-One | BIOS | Versions prior to 1.11.0 | Versions 1.11.0 or later | 06/05/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5402 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5409 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5502 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Inspiron 5509 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Precision 3660 | BIOS | Versions prior to 2.14.0 | Versions 2.14.0 or later | 05/08/2024 | Go to the Drivers & Downloads site for updates |
| Vostro 5402 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
| Vostro 5502 | BIOS | Versions prior to 1.30.0 | Versions 1.30.0 or later | 06/07/2024 | Go to the Drivers & Downloads site for updates |
Workarounds and Mitigations
None
Acknowledgements
CVE-2024-28970: Dell would like to thank Maxim Suhanov for reporting this issue
Revision History
| Revision | Date | Description |
| 1.0 | 2024-06-11 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Dell G7 15 7500, Dell G7 17 7700, Inspiron 5402/5409, Inspiron 14 Plus 7440, Inspiron 5502/5509, Inspiron 16 7640 2-in-1, Inspiron 16 Plus 7640, Inspiron 24 5420 All-in-One, Inspiron 27 7720 All-in-One, Precision 3660 XE Tower, Precision 3660 Tower
, Vostro 5402, Vostro 5502
...
Last Published Date
11 Jun 2024
Article Type
Dell Security Advisory