CVE-2021-21555: Buffer Overflow
First published: Mon Jun 14 2021(Updated: )
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Poweredge R640 Firmware | <2.11.2 | |
| Dell PowerEdge R640 | ||
| Dell Poweredge R740 Firmware | <2.11.2 | |
| Dell Poweredge R740 | ||
| Dell Poweredge R740xd Firmware | <2.11.2 | |
| Dell Poweredge R740xd | ||
| Dell Poweredge R940 Firmware | <2.11.2 | |
| Dell Poweredge R940 | ||
| Dell Poweredge R840 Firmware | <2.11.2 | |
| Dell Poweredge R840 | ||
| Dell Poweredge R940xa Firmware | <2.11.2 | |
| Dell Poweredge R940xa | ||
| Dell Poweredge T640 Firmware | <2.11.2 | |
| Dell Poweredge T640 | ||
| Dell Poweredge Mx740c Firmware | <2.11.2 | |
| Dell Poweredge Mx740c | ||
| Dell Poweredge Mx840c Firmware | <2.11.2 | |
| Dell Poweredge Mx840c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-21555?
CVE-2021-21555 is a heap-based buffer overflow vulnerability in Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS.
Who is affected by CVE-2021-21555?
Individuals and organizations using Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, or T640 servers with NVDIMM-N installed are affected by CVE-2021-21555.
What is the severity of CVE-2021-21555?
CVE-2021-21555 has a severity rating of 6.7 (high).
How can a local malicious user exploit CVE-2021-21555?
A local malicious user with high privileges can potentially exploit CVE-2021-21555, leading to a denial of service.
Where can I find more information about CVE-2021-21555?
You can find more information about CVE-2021-21555 on the Dell support website: [link](https://www.dell.com/support/kbdoc/000187958).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell poweredge r640 firmware
- canonical/dell poweredge r640
- canonical/dell poweredge r740 firmware
- canonical/dell poweredge r740
- canonical/dell poweredge r740xd firmware
- canonical/dell poweredge r740xd
- canonical/dell poweredge r940 firmware
- canonical/dell poweredge r940
- canonical/dell poweredge r840 firmware
- canonical/dell poweredge r840
- canonical/dell poweredge r940xa firmware
- canonical/dell poweredge r940xa
- canonical/dell poweredge t640 firmware
- canonical/dell poweredge t640
- canonical/dell poweredge mx740c firmware
- canonical/dell poweredge mx740c
- canonical/dell poweredge mx840c firmware
- canonical/dell poweredge mx840c