Article Number: 000227444

DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities

Summary: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Medium

Details

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-25948	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
CVE-2024-25947	Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
CVE-2024-38489	Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.	3.1	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
CVE-2024-38490	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	5.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
CVE-2024-38481	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-25948	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
CVE-2024-25947	Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
CVE-2024-38489	Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.	3.1	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
CVE-2024-38490	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	5.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
CVE-2024-38481	Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.	4.8	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Versions	Remediated Versions	Link
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for Windows, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for Linux, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for OS DUP, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0

Product	Affected Versions	Remediated Versions	Link
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for Windows, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for Linux, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for OS DUP, v5.3.1.0
iDRAC Service Module	Versions prior to 5.3.0.0	5.3.1.0, A00	Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0

Revision History

Revision	Date	Description
1.0	2024-07-31	Initial release
2.0	2024-07-31	Formatting changes only. No changes to content.

DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities

Summary: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type

Welcome

Welcome to Dell

DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities

Summary: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type