Article Number: 000226253
DSA-2024-039: Security Update for Dell AMD-based PowerEdge Server Vulnerability
Summary: Dell PowerEdge Server remediation is available for AMD Server vulnerability that could be exploited by malicious users to compromise the affected systems.
Article Content
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0171 | Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | 5.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-0171 | Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | 5.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerEdge R6615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6615/drivers |
| PowerEdge R7615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7615/drivers |
| PowerEdge R6625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6625/drivers |
| PowerEdge R7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7625/drivers |
| PowerEdge C6615 | BIOS | Versions prior to 1.3.3 | Version 1.3.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-c6615/drivers |
| Dell XC Core XC7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/dell-xc7625-core/drivers |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerEdge R6615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6615/drivers |
| PowerEdge R7615 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7615/drivers |
| PowerEdge R6625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r6625/drivers |
| PowerEdge R7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-r7625/drivers |
| PowerEdge C6615 | BIOS | Versions prior to 1.3.3 | Version 1.3.3 or later | https://www.dell.com/support/home/product-support/product/poweredge-c6615/drivers |
| Dell XC Core XC7625 | BIOS | Versions prior to 1.8.3 | Version 1.8.3 or later | https://www.dell.com/support/home/product-support/product/dell-xc7625-core/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-06-24 | Initial release |
Related Information
Legal Information
Article Properties
Affected Product
Dell XC Core XC7625, PowerEdge C6615, PowerEdge R6615, PowerEdge R6625, PowerEdge R7615, PowerEdge R7625
Last Published Date
25 Jun 2024
Article Type
Dell Security Advisory