Back

CVE-2024-38304

Aug. 29, 2024, 1:25 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Dell PowerEdge Platform, 14G Intel BIOS

  • before 2.22.x

Source

security_alert@emc.com

Tags

security_alert@emc.com
CWE-788
2024-08-29
CVE-2024-38304

CVE-2024-38304 details

Published : Aug. 29, 2024, 11:15 a.m.
Last Modified : Aug. 29, 2024, 1:25 p.m.

Description

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS Score

1 2 3.8 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-788 Access of Memory Location After End of Buffer The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.8

Exploitability Score

2.0

Impact Score

1.4

Base Severity

LOW

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References

URL Source
https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability security_alert@emc.com
This website uses the NVD API, but is not approved or certified by it.