Stack-Based Buffer Overflow in Dell PowerEdge and Precision Systems with Intel Optane
CVE-2021-21554

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Poweredge BiOS Intel 15g
Vendor: CVE Published:; 14 June 2021

What is CVE-2021-21554?

A stack-based buffer overflow vulnerability exists in the BIOS of multiple Dell PowerEdge and Precision systems that use Intel Optane DC Persistent Memory. This vulnerability can be exploited by a local malicious user with elevated privileges, which may result in unauthorized access to sensitive information, denial of service, or arbitrary code execution within the UEFI or BIOS Preboot Environment. Organizations using the affected systems should implement necessary security measures to safeguard against potential exploitation.

Affected Version(s)

PowerEdge BIOS Intel 15G < 2.9.4

References

https://www.dell.com/support/kbdoc/000187958

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2021
Vulnerability Reserved
Jan 4, 2021