CVE-2024-25942: Input Validation
First published: Tue Mar 19 2024(Updated: )
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Dell PowerEdge R730 Firmware | <2.19.0 | |
| Dell PowerEdge R730 Firmware | ||
| All of | ||
| Dell PowerEdge R730xd Firmware | <2.19.0 | |
| Dell PowerEdge R730xd Firmware | ||
| All of | ||
| Dell PowerEdge R630 Firmware | <2.19.0 | |
| Dell PowerEdge R630 | ||
| All of | ||
| Dell PowerEdge C4130 | <2.19.0 | |
| Dell PowerEdge C4130 | ||
| All of | ||
| Dell PowerEdge r930 firmware | <2.14.0 | |
| Dell PowerEdge R930 | ||
| All of | ||
| Dell PowerEdge m630 (PE VRTX) Firmware | <2.19.0 | |
| Dell PowerEdge M630p | ||
| All of | ||
| Dell PowerEdge m630 (PE VRTX) Firmware | <2.19.0 | |
| Dell PowerEdge m630 | ||
| All of | ||
| Dell PowerEdge FC630 | <2.19.0 | |
| Dell PowerEdge FC630 | ||
| All of | ||
| Dell PowerEdge FC430 | <2.19.0 | |
| Dell PowerEdge FC430 | ||
| All of | ||
| Dell PowerEdge m830 (pe vrtx) firmware | <2.19.0 | |
| Dell M830 | ||
| All of | ||
| Dell PowerEdge m830 (pe vrtx) firmware | <2.19.0 | |
| Dell PowerEdge m830 (PE VRTX) | ||
| All of | ||
| Dell PowerEdge FC830 | <2.19.0 | |
| Dell PowerEdge FC830 | ||
| All of | ||
| Dell PowerEdge t630 firmware | <2.19.0 | |
| Dell PowerEdge T630 | ||
| All of | ||
| Dell PowerEdge r530 firmware | <2.19.0 | |
| Dell PowerEdge R530 | ||
| All of | ||
| Dell PowerEdge R430 Firmware | <2.19.0 | |
| Dell PowerEdge R430 Firmware | ||
| All of | ||
| Dell PowerEdge T430 Firmware | <2.19.0 | |
| Dell PowerEdge T430 Firmware | ||
| All of | ||
| Dell PowerEdge R830 | <1.19.0 | |
| Dell PowerEdge R830 | ||
| All of | ||
| Dell PowerEdge C6320 Firmware | <2.19.0 | |
| Dell PowerEdge C6320 | ||
| All of | ||
| Dell Storage Nx3230 Firmware | <2.19.0 | |
| Dell NX3230 Firmware | ||
| All of | ||
| Dell NX3330 | <2.19.0 | |
| Dell NX3330 Firmware | ||
| All of | ||
| Dell XC6320 | <2.19.0 | |
| Dell XC6320 Firmware | ||
| All of | ||
| Dell XC430 Firmware | <2.19.0 | |
| Dell XC430 Firmware | ||
| All of | ||
| Dell XC630 Firmware | <2.19.0 | |
| Dell XC630 Firmware | ||
| All of | ||
| Dell XC730 Firmware | <2.19.0 | |
| Dell XC730 Firmware | ||
| All of | ||
| Dell XC730xd Firmware | <2.19.0 | |
| Dell XC730xd Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-25942?
CVE-2024-25942 is considered a high severity vulnerability that allows a physical high privileged attacker to potentially exploit arbitrary writes to SMRAM.
How can I mitigate CVE-2024-25942?
To mitigate CVE-2024-25942, update the affected Dell PowerEdge server BIOS to the latest version that addresses this vulnerability.
Which Dell PowerEdge server models are affected by CVE-2024-25942?
CVE-2024-25942 affects various models including Dell PowerEdge R730, R630, R930, and several others listed in the advisory.
What type of attack is possible with CVE-2024-25942?
CVE-2024-25942 allows for arbitrary writes to SMRAM, which could lead to potential unauthorized access or control over the system.
Is physical access required to exploit CVE-2024-25942?
Yes, exploiting CVE-2024-25942 requires physical access to the vulnerable Dell PowerEdge server.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell poweredge r730 firmware
- canonical/dell poweredge r730xd firmware
- canonical/dell poweredge r630 firmware
- canonical/dell poweredge r630
- canonical/dell poweredge c4130
- canonical/dell poweredge r930 firmware
- canonical/dell poweredge r930
- canonical/dell poweredge m630 (pe vrtx) firmware
- canonical/dell poweredge m630p
- canonical/dell poweredge m630
- canonical/dell poweredge fc630
- canonical/dell poweredge fc430
- canonical/dell poweredge m830 (pe vrtx) firmware
- canonical/dell m830
- canonical/dell poweredge m830 (pe vrtx)
- canonical/dell poweredge fc830
- canonical/dell poweredge t630 firmware
- canonical/dell poweredge t630
- canonical/dell poweredge r530 firmware
- canonical/dell poweredge r530
- canonical/dell poweredge r430 firmware
- canonical/dell poweredge t430 firmware
- canonical/dell poweredge r830
- canonical/dell poweredge c6320 firmware
- canonical/dell poweredge c6320
- canonical/dell storage nx3230 firmware
- canonical/dell nx3230 firmware
- canonical/dell nx3330
- canonical/dell nx3330 firmware
- canonical/dell xc6320
- canonical/dell xc6320 firmware
- canonical/dell xc430 firmware
- canonical/dell xc630 firmware
- canonical/dell xc730 firmware
- canonical/dell xc730xd firmware