CVE-2024-0163

MEDIUM

Dell PowerEdge Server BIOS < 2.0.0 (1.8.0 for R860/R960/XE9680/XR5610) - Time-of-check Time-of-use Race Condition

Title source: llm

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability

Scores

CVSS v3 5.3

EPSS 0.0007

EPSS Percentile 21.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367

Status published

Products (50)

dell/emc_xc_core_xc450_firmware < 1.13.2

dell/emc_xc_core_xc650_firmware < 1.13.2

dell/emc_xc_core_xc6520_firmware < 1.13.2

dell/emc_xc_core_xc750_firmware < 1.13.2

dell/emc_xc_core_xc750xa_firmware < 1.13.2

dell/emc_xc_core_xc7525_firmware < 2.14.1

dell/poweredge_c6520_firmware < 1.13.2

dell/poweredge_c6525_firmware < 2.14.1

dell/poweredge_c6615_firmware < 1.2.3

dell/poweredge_c6620_firmware < 2.0.0

... and 40 more

Published Mar 13, 2024

Tracked Since Feb 18, 2026