CVE-2021-21554: Buffer Overflow
First published: Mon Jun 14 2021(Updated: )
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Poweredge R640 Firmware | <2.9.4 | |
| Dell PowerEdge R640 | ||
| Dell Poweredge R740 Firmware | <2.9.4 | |
| Dell Poweredge R740 | ||
| Dell Poweredge R740xd Firmware | <2.9.4 | |
| Dell Poweredge R740xd | ||
| Dell Poweredge R940 Firmware | <2.9.4 | |
| Dell Poweredge R940 | ||
| Dell Poweredge R840 Firmware | <2.9.4 | |
| Dell Poweredge R840 | ||
| Dell Poweredge R940xa Firmware | <2.9.4 | |
| Dell Poweredge R940xa | ||
| Dell Poweredge Mx740c Firmware | <2.9.4 | |
| Dell Poweredge Mx740c | ||
| Dell Poweredge Mx840c Firmware | <2.9.4 | |
| Dell Poweredge Mx840c | ||
| Dell Precision 7920 Firmware | ||
| Dell Precision 7920 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-21554?
CVE-2021-21554 is a stack-based buffer overflow vulnerability found in Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS.
How does CVE-2021-21554 affect Dell PowerEdge R640?
Dell PowerEdge R640 systems with Intel Optane DC Persistent Memory installed are affected by CVE-2021-21554.
How severe is CVE-2021-21554?
CVE-2021-21554 has a severity rating of 6.7 (high).
How can a local malicious user exploit CVE-2021-21554?
A local malicious user with high privileges may potentially exploit CVE-2021-21554.
Where can I find more information about CVE-2021-21554?
You can find more information about CVE-2021-21554 on the Dell support website.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell poweredge r640 firmware
- canonical/dell poweredge r640
- canonical/dell poweredge r740 firmware
- canonical/dell poweredge r740
- canonical/dell poweredge r740xd firmware
- canonical/dell poweredge r740xd
- canonical/dell poweredge r940 firmware
- canonical/dell poweredge r940
- canonical/dell poweredge r840 firmware
- canonical/dell poweredge r840
- canonical/dell poweredge r940xa firmware
- canonical/dell poweredge r940xa
- canonical/dell poweredge mx740c firmware
- canonical/dell poweredge mx740c
- canonical/dell poweredge mx840c firmware
- canonical/dell poweredge mx840c
- canonical/dell precision 7920 firmware
- canonical/dell precision 7920