PT-2024-2093 · Dell · Dell Poweredge Server Bios+1
Codebreaker1337
+1
·
Published
2024-03-13
·
Updated
2024-03-13
·
CVE-2024-0161
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell PowerEdge Server BIOS (affected versions not specified)
Dell Precision Rack BIOS (affected versions not specified)
Description
The issue is related to a flaw in the verification of the SMM communication buffer, which could allow an attacker to write arbitrary data to the System Management RAM (SMRAM). This could be exploited by a local, low-privileged attacker.
Recommendations
For Dell PowerEdge Server BIOS, update to a version that fixes the improper SMM communication buffer verification issue.
For Dell Precision Rack BIOS, update to a version that fixes the improper SMM communication buffer verification issue.
As a temporary workaround, consider restricting access to the SMM communication buffer to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Poweredge Server Bios
Dell Precision Rack Bios