CVE-2021-21554

Published: Jun 14, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Affected (9)

Products: Dell: Poweredge R640 Firmware, Poweredge R740 Firmware, Poweredge R740xd Firmware, Poweredge R940 Firmware, Poweredge R840 Firmware, Poweredge R940xa Firmware, Poweredge Mx740c Firmware, Poweredge Mx840c Firmware, Precision 7920 Firmware

Dell

9 products

Poweredge R640 Firmware

Poweredge R740 Firmware

Poweredge R740xd Firmware

Poweredge R940 Firmware

Poweredge R840 Firmware

Poweredge R940xa Firmware

Poweredge Mx740c Firmware

Poweredge Mx840c Firmware

Precision 7920 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R640 Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R640	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740 Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R740	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740xd Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R740xd	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940 Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R940	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R840 Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R840	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940xa Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge R940xa	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx740c Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge Mx740c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx840c Firmware	Before 2.9.4

Running on/with	Platform Versions
Dell Poweredge Mx840c	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 7920 Firmware	All versions

Running on/with	Platform Versions
Dell Precision 7920	All versions

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.dell.com/support/kbdoc/000187958

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000187958

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.