CVE-2024-38304 - Vulnerability Details

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dell	Dss 8440 Dss 8440 Firmware Emc Storage Nx3240 Emc Storage Nx3240 Firmware Emc Storage Nx3340 Emc Storage Nx3340 Firmware Emc Xc Core 6420 System Emc Xc Core 6420 System Firmware Emc Xc Core Xc640 System Emc Xc Core Xc640 System Firmware Emc Xc Core Xc740xd2 Emc Xc Core Xc740xd2 Firmware Emc Xc Core Xc740xd System Emc Xc Core Xc740xd System Firmware Emc Xc Core Xc940 System Emc Xc Core Xc940 System Firmware Emc Xc Core Xcxr2 Emc Xc Core Xcxr2 Firmware Poweredge C4140 Poweredge C4140 Firmware Poweredge C6420 Poweredge C6420 Firmware Poweredge Fc640 Poweredge Fc640 Firmware Poweredge M640 Poweredge M640 \(for Pe Vrtx\) Poweredge M640 \(for Pe Vrtx\) Firmware Poweredge M640 Firmware Poweredge Mx740c Poweredge Mx740c Firmware Poweredge Mx840c Poweredge Mx840c Firmware Poweredge R440 Poweredge R440 Firmware Poweredge R540 Poweredge R540 Firmware Poweredge R640 Poweredge R640 Firmware Poweredge R740 Poweredge R740 Firmware Poweredge R740xd Poweredge R740xd2 Poweredge R740xd2 Firmware Poweredge R740xd Firmware Poweredge R840 Poweredge R840 Firmware Poweredge R940 Poweredge R940 Firmware Poweredge R940xa Poweredge R940xa Firmware Poweredge T440 Poweredge T440 Firmware Poweredge T640 Poweredge T640 Firmware Poweredge Xe2420 Poweredge Xe2420 Firmware Poweredge Xe7420 Poweredge Xe7420 Firmware Poweredge Xe7440 Poweredge Xe7440 Firmware Poweredge Xr2 Poweredge Xr2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_xc940_system:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_xc640_system:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_xc_core_6420_system:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:poweredge_m640_\(for_pe_vrtx\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_m640_\(for_pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability

History

Fri, 20 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell dss 8440 Dell dss 8440 Firmware Dell emc Storage Nx3240 Dell emc Storage Nx3240 Firmware Dell emc Storage Nx3340 Dell emc Storage Nx3340 Firmware Dell emc Xc Core 6420 System Dell emc Xc Core 6420 System Firmware Dell emc Xc Core Xc640 System Dell emc Xc Core Xc640 System Firmware Dell emc Xc Core Xc740xd2 Dell emc Xc Core Xc740xd2 Firmware Dell emc Xc Core Xc740xd System Dell emc Xc Core Xc740xd System Firmware Dell emc Xc Core Xc940 System Dell emc Xc Core Xc940 System Firmware Dell emc Xc Core Xcxr2 Dell emc Xc Core Xcxr2 Firmware Dell poweredge C4140 Dell poweredge C4140 Firmware Dell poweredge C6420 Dell poweredge C6420 Firmware Dell poweredge Fc640 Dell poweredge Fc640 Firmware Dell poweredge M640 Dell poweredge M640 \(for Pe Vrtx\) Dell poweredge M640 \(for Pe Vrtx\) Firmware Dell poweredge M640 Firmware Dell poweredge Mx740c Dell poweredge Mx740c Firmware Dell poweredge Mx840c Dell poweredge Mx840c Firmware Dell poweredge R440 Dell poweredge R440 Firmware Dell poweredge R540 Dell poweredge R540 Firmware Dell poweredge R640 Dell poweredge R640 Firmware Dell poweredge R740 Dell poweredge R740 Firmware Dell poweredge R740xd Dell poweredge R740xd2 Dell poweredge R740xd2 Firmware Dell poweredge R740xd Firmware Dell poweredge R840 Dell poweredge R840 Firmware Dell poweredge R940 Dell poweredge R940 Firmware Dell poweredge R940xa Dell poweredge R940xa Firmware Dell poweredge T440 Dell poweredge T440 Firmware Dell poweredge T640 Dell poweredge T640 Firmware Dell poweredge Xe2420 Dell poweredge Xe2420 Firmware Dell poweredge Xe7420 Dell poweredge Xe7420 Firmware Dell poweredge Xe7440 Dell poweredge Xe7440 Firmware Dell poweredge Xr2 Dell poweredge Xr2 Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:h:dell:dss_8440:-:::::::* cpe:2.3:h:dell:emc_storage_nx3240:-:::::::* cpe:2.3:h:dell:emc_storage_nx3340:-:::::::* cpe:2.3:h:dell:emc_xc_core_6420_system:-:::::::* cpe:2.3:h:dell:emc_xc_core_xc640_system:-:::::::* cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:::::::* cpe:2.3:h:dell:emc_xc_core_xc740xd_system:-:::::::* cpe:2.3:h:dell:emc_xc_core_xc940_system:-:::::::* cpe:2.3:h:dell:emc_xc_core_xcxr2:-:::::::* cpe:2.3:h:dell:poweredge_c4140:-:::::::* cpe:2.3:h:dell:poweredge_c6420:-:::::::* cpe:2.3:h:dell:poweredge_fc640:-:::::::* cpe:2.3:h:dell:poweredge_m640:-:::::::* cpe:2.3:h:dell:poweredge_m640_\(for_pe_vrtx\):-:::::::* cpe:2.3:h:dell:poweredge_mx740c:-:::::::* cpe:2.3:h:dell:poweredge_mx840c:-:::::::* cpe:2.3:h:dell:poweredge_r440:-:::::::* cpe:2.3:h:dell:poweredge_r540:-:::::::* cpe:2.3:h:dell:poweredge_r640:-:::::::* cpe:2.3:h:dell:poweredge_r740:-:::::::* cpe:2.3:h:dell:poweredge_r740xd2:-:::::::* cpe:2.3:h:dell:poweredge_r740xd:-:::::::* cpe:2.3:h:dell:poweredge_r840:-:::::::* cpe:2.3:h:dell:poweredge_r940:-:::::::* cpe:2.3:h:dell:poweredge_r940xa:-:::::::* cpe:2.3:h:dell:poweredge_t440:-:::::::* cpe:2.3:h:dell:poweredge_t640:-:::::::* cpe:2.3:h:dell:poweredge_xe2420:-:::::::* cpe:2.3:h:dell:poweredge_xe7420:-:::::::* cpe:2.3:h:dell:poweredge_xe7440:-:::::::* cpe:2.3:h:dell:poweredge_xr2:-:::::::* cpe:2.3:o:dell:dss_8440_firmware:::::::: cpe:2.3:o:dell:emc_storage_nx3240_firmware:::::::: cpe:2.3:o:dell:emc_storage_nx3340_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_6420_system_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware:::::::: cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:::::::: cpe:2.3:o:dell:poweredge_c4140_firmware:::::::: cpe:2.3:o:dell:poweredge_c6420_firmware:::::::: cpe:2.3:o:dell:poweredge_fc640_firmware:::::::: cpe:2.3:o:dell:poweredge_m640_\(for_pe_vrtx\)_firmware:::::::: cpe:2.3:o:dell:poweredge_m640_firmware:::::::: cpe:2.3:o:dell:poweredge_mx740c_firmware:::::::: cpe:2.3:o:dell:poweredge_mx840c_firmware:::::::: cpe:2.3:o:dell:poweredge_r440_firmware:::::::: cpe:2.3:o:dell:poweredge_r540_firmware:::::::: cpe:2.3:o:dell:poweredge_r640_firmware:::::::: cpe:2.3:o:dell:poweredge_r740_firmware:::::::: cpe:2.3:o:dell:poweredge_r740xd2_firmware:::::::: cpe:2.3:o:dell:poweredge_r740xd_firmware:::::::: cpe:2.3:o:dell:poweredge_r840_firmware:::::::: cpe:2.3:o:dell:poweredge_r940_firmware:::::::: cpe:2.3:o:dell:poweredge_r940xa_firmware:::::::: cpe:2.3:o:dell:poweredge_t440_firmware:::::::: cpe:2.3:o:dell:poweredge_t640_firmware:::::::: cpe:2.3:o:dell:poweredge_xe2420_firmware:::::::: cpe:2.3:o:dell:poweredge_xe7420_firmware:::::::: cpe:2.3:o:dell:poweredge_xe7440_firmware:::::::: cpe:2.3:o:dell:poweredge_xr2_firmware::::::::
Vendors & Products		Dell Dell dss 8440 Dell dss 8440 Firmware Dell emc Storage Nx3240 Dell emc Storage Nx3240 Firmware Dell emc Storage Nx3340 Dell emc Storage Nx3340 Firmware Dell emc Xc Core 6420 System Dell emc Xc Core 6420 System Firmware Dell emc Xc Core Xc640 System Dell emc Xc Core Xc640 System Firmware Dell emc Xc Core Xc740xd2 Dell emc Xc Core Xc740xd2 Firmware Dell emc Xc Core Xc740xd System Dell emc Xc Core Xc740xd System Firmware Dell emc Xc Core Xc940 System Dell emc Xc Core Xc940 System Firmware Dell emc Xc Core Xcxr2 Dell emc Xc Core Xcxr2 Firmware Dell poweredge C4140 Dell poweredge C4140 Firmware Dell poweredge C6420 Dell poweredge C6420 Firmware Dell poweredge Fc640 Dell poweredge Fc640 Firmware Dell poweredge M640 Dell poweredge M640 \(for Pe Vrtx\) Dell poweredge M640 \(for Pe Vrtx\) Firmware Dell poweredge M640 Firmware Dell poweredge Mx740c Dell poweredge Mx740c Firmware Dell poweredge Mx840c Dell poweredge Mx840c Firmware Dell poweredge R440 Dell poweredge R440 Firmware Dell poweredge R540 Dell poweredge R540 Firmware Dell poweredge R640 Dell poweredge R640 Firmware Dell poweredge R740 Dell poweredge R740 Firmware Dell poweredge R740xd Dell poweredge R740xd2 Dell poweredge R740xd2 Firmware Dell poweredge R740xd Firmware Dell poweredge R840 Dell poweredge R840 Firmware Dell poweredge R940 Dell poweredge R940 Firmware Dell poweredge R940xa Dell poweredge R940xa Firmware Dell poweredge T440 Dell poweredge T440 Firmware Dell poweredge T640 Dell poweredge T640 Firmware Dell poweredge Xe2420 Dell poweredge Xe2420 Firmware Dell poweredge Xe7420 Dell poweredge Xe7420 Firmware Dell poweredge Xe7440 Dell poweredge Xe7440 Firmware Dell poweredge Xr2 Dell poweredge Xr2 Firmware

Thu, 29 Aug 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 08:15:00 +0000

Type	Values Removed	Values Added
Description		Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Weaknesses		CWE-788
References		https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability
Metrics		cvssV3_1 `{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-08-29T08:03:40.261Z

Updated: 2024-08-29T13:28:35.429Z

Reserved: 2024-06-13T14:41:01.527Z

Link: CVE-2024-38304

Vulnrichment

Updated: 2024-08-29T13:28:30.928Z

NVD

Status : Analyzed

Published: 2024-08-29T11:15:26.187

Modified: 2024-12-20T14:41:01.273

Link: CVE-2024-38304

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object