Stack-based Buffer Overflow in Dell PowerEdge Servers
CVE-2021-21556

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Poweredge BiOS Intel 15g
Vendor: CVE Published:; 14 June 2021

What is CVE-2021-21556?

The Dell PowerEdge Server series, including models R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640, contains a vulnerability in their BIOS firmware stemming from a stack-based buffer overflow related to NVDIMM-N installations. This flaw can be exploited by a local user with high privileges, potentially leading to a denial of service, arbitrary code execution, or unauthorized access to sensitive information within the UEFI or BIOS Preboot Environment. Organizations should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

PowerEdge BIOS Intel 15G < 2.11.2

References

https://www.dell.com/support/kbdoc/000187958

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2021
Vulnerability Reserved
Jan 4, 2021