DSA-2024-260: Security Update for Dell Client Platform BIOS for an Improper Input Validation Vulnerability

Summary: Dell Client Platform BIOS remediation is available for an Improper Input Validation vulnerability that could be exploited by malicious users to compromise the affected system.

Impact

Medium

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-38483 | Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 5.8 | |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date (MM/DD/YYYY) | Link |
|---|---|---|---|---|---|
| Latitude 5290 2-in-1 | BIOS | Versions prior to 1.35.0 | Versions 1.35.0 or later | 08/08/2024 | Go to the Drivers & Downloads site for updates |
| Precision 3420 Tower | BIOS | Versions prior to 2.32.0 | Versions 2.32.0 or later | 08/09/2024 | Go to the Drivers & Downloads site for updates |
| Precision 3620 Tower | BIOS | Versions prior to 2.32.0 | Versions 2.32.0 or later | 08/09/2024 | Go to the Drivers & Downloads site for updates |
| Wyse 7040 Thin Client | BIOS | Versions prior to 1.26.0 | Versions 1.26.0 or later | 08/09/2024 | Go to the Drivers & Downloads site for updates |

Workarounds & Mitigations

None

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-13 | Initial Release |

Acknowledgements

CVE-2024-38483: Dell Technologies would like to thank codebreaker1337 for reporting this issue.
 

Related Information

Affected Products

Latitude 5290 2-in-1, Dell Precision Tower 3420, Dell Precision Tower 3620, Wyse 7040 Thin Client