CVE-2024-38304
LOWDell PowerEdge Platform <2.22.x - Info Disclosure
Title source: llmDescription
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Scores
CVSS v3
3.8
EPSS
0.0011
EPSS Percentile
29.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Classification
CWE
CWE-788
Status
published
Affected Products (31)
dell/emc_xc_core_xcxr2_firmware
< 2.22.1
dell/emc_xc_core_xc940_system_firmware
< 2.22.2
dell/emc_xc_core_xc740xd2_firmware
< 2.22.1
dell/emc_xc_core_xc740xd_system_firmware
< 2.22.2
dell/emc_xc_core_xc640_system_firmware
< 2.22.2
dell/emc_xc_core_6420_system_firmware
< 2.22.2
dell/emc_storage_nx3340_firmware
< 2.22.2
dell/emc_storage_nx3240_firmware
< 2.22.2
dell/poweredge_xe7440_firmware
< 2.22.2
dell/poweredge_xe7420_firmware
< 2.22.2
dell/poweredge_xe2420_firmware
< 2.22.2
dell/dss_8440_firmware
< 2.22.2
dell/poweredge_c4140_firmware
< 2.22.2
dell/poweredge_mx840c_firmware
< 2.22.1
dell/poweredge_mx740c_firmware
< 2.22.1
... and 16 more
Timeline
Published
Aug 29, 2024
Tracked Since
Feb 18, 2026