CVE-2024-0162

MEDIUM

Dell PowerEdge Server BIOS < 2.0.0 - Out-of-Bounds Read/Write in SMM Communication Buffer

Title source: llm

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-787

Status published

Products (50)

dell/emc_xc_core_xc450_firmware < 1.13.2

dell/emc_xc_core_xc650_firmware < 1.13.2

dell/emc_xc_core_xc6520_firmware < 1.13.2

dell/emc_xc_core_xc750_firmware < 1.13.2

dell/emc_xc_core_xc750xa_firmware < 1.13.2

dell/emc_xc_core_xc7525_firmware < 2.14.1

dell/poweredge_c6520_firmware < 1.13.2

dell/poweredge_c6525_firmware < 2.14.1

dell/poweredge_c6615_firmware < 1.2.3

dell/poweredge_c6620_firmware < 2.0.0

... and 40 more

Published Mar 13, 2024

Tracked Since Feb 18, 2026