CVE-2024-42425

Sept. 16, 2024, 3:46 p.m.

5.5
Medium

Description

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Product(s) Impacted

Vendor  Product                  Version
Dell    Precision 7920 Firmware  *
Dell    Precision 7920           -
Dell    7920 Xl Firmware         *
Dell    7920 Xl                  -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CWE-788
Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o dell precision_7920_firmware / / / / / / / /
h dell precision_7920 - / / / / / / /
o dell 7920_xl_firmware / / / / / / / /
h dell 7920_xl - / / / / / / /

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N


Timeline

Published: Sept. 10, 2024, 9:15 a.m.
Last Modified: Sept. 16, 2024, 3:46 p.m.

Status: Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.


Source

security_alert@emc.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.