CVE-2024-38304

LOW

Dell PowerEdge Platform <2.22.x - Info Disclosure

Title source: llm

Description

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability

Scores

CVSS v3 3.8

EPSS 0.0011

EPSS Percentile 29.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-788

Status published

Products (31)

dell/dss_8440_firmware < 2.22.2

dell/emc_storage_nx3240_firmware < 2.22.2

dell/emc_storage_nx3340_firmware < 2.22.2

dell/emc_xc_core_6420_system_firmware < 2.22.2

dell/emc_xc_core_xc640_system_firmware < 2.22.2

dell/emc_xc_core_xc740xd2_firmware < 2.22.1

dell/emc_xc_core_xc740xd_system_firmware < 2.22.2

dell/emc_xc_core_xc940_system_firmware < 2.22.2

dell/emc_xc_core_xcxr2_firmware < 2.22.1

dell/poweredge_c4140_firmware < 2.22.2

... and 21 more

Published Aug 29, 2024

Tracked Since Feb 18, 2026