Dell PowerEdge Server BIOS Vulnerability Allows Low-Privilege Attackers to Read Non-SMM Stack Memory
CVE-2024-0154

3.3 LOW

Key Information:

Vendor: Dell
CVE Published: 13 March 2024

Summary

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

Affected Version(s)

PowerEdge Platform < 2.0.0

PowerEdge Platform < 1.7.6

PowerEdge Platform < 1.7.2

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dell would like to thank codebreaker1337 for reporting this issue.