Dell PowerEdge server update for Tianocore EDK2
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU75395
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-38578
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in MdeModulePkg/Core/PiSmmCore/PiSmmCore.c. A local user trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerEdge XE7440: before 2.18.0
PowerEdge XE7420: before 2.18.0
PowerEdge XE2420: before 2.18.0
Dell XC630 Hyper-converged Appliance: before 2.17.0
Dell XC430 Hyper-converged Appliance: before 2.17.0
Dell XC6320 Hyper-converged Appliance: before 2.17.0
Dell Storage NX3330: before 2.17.0
Dell Storage NX3230: before 2.17.0
Dell Storage NX430: before 2.17.0
PowerEdge R330: before 2.17.0
PowerEdge T330: before 2.17.0
PowerEdge R230: before 2.17.0
PowerEdge T130: before 2.17.0
PowerEdge C6320: before 2.17.0
PowerEdge R830: before 1.17.0
PowerEdge T630: before 2.17.0
PowerEdge R930: before 2.12.0
PowerEdge C4130: before 2.17.0
PowerEdge R630: before 2.17.0
PowerEdge R730xd: before 2.17.0
PowerEdge R730: before 2.17.0
PowerEdge R7425: before 1.20.0
PowerEdge R7415: before 1.20.0
PowerEdge R6415: before 1.20.0
Dell EMC NX440: before 2.13.1
PowerEdge R340: before 2.13.1
PowerEdge R240: before 2.13.1
PowerEdge T340: before 2.13.1
PowerEdge T140: before 2.13.1
PowerEdge XR4520c: before 1.10.4
PowerEdge XR4510c : before 1.10.4
PowerEdge XE8545: before 2.11.2
PowerEdge C6525: before 2.11.3
PowerEdge R7525: before 2.11.3
PowerEdge R6525: before 2.11.3
PowerEdge R7515: before 2.11.4
PowerEdge R6515: before 2.11.4
PowerEdge T150: before 1.6.3
PowerEdge R250: before 1.6.3
PowerEdge T350: before 1.6.3
PowerEdge R350: before 1.6.3
PowerEdge XR12: before 1.10.2
PowerEdge XR11: before 1.10.2
PowerEdge R750XS: before 1.10.2
PowerEdge R650XS: before 1.10.2
PowerEdge R450: before 1.10.2
PowerEdge T550: before 1.10.2
PowerEdge R550: before 1.10.2
PowerEdge MX750c: before 1.10.2
PowerEdge C6520: before 1.10.2
PowerEdge R650: before 1.10.2
PowerEdge R750XA: before 1.10.2
PowerEdge R750: before 1.10.2
PowerEdge C6620: before 1.2.1
PowerEdge MX760c: before 1.2.1
PowerEdge R7625: before 1.3.11
PowerEdge R7615: before 1.3.11
PowerEdge R6625: before 1.3.11
PowerEdge R6615: before 1.3.11
PowerEdge R760: before 1.2.1
PowerEdge R660: before 1.2.1
Dell EMC XC Core XCXR2 : before 2.18.1
Dell EMC XC Core XC940 System : before 2.18.1
Dell EMC XC Core XC740xd System : before 2.18.1
Dell EMC XC Core XC640 System : before 2.18.1
Dell EMC XC Core 6420 System : before 2.18.1
Dell EMC Storage NX3340 : before 2.18.1
Dell EMC Storage NX3240 : before 2.18.1
DSS 8440: before 2.18.1
PowerEdge C4140: before 2.18.1
PowerEdge MX840C: before 2.18.1
PowerEdge MX740C: before 2.18.1
PowerEdge M640 (for PE VRTX): before 2.18.1
PowerEdge M640: before 2.18.1
PowerEdge FC640: before 2.18.1
PowerEdge C6420: before 2.18.1
PowerEdge T640: before 2.18.1
PowerEdge R940XA: before 2.18.1
PowerEdge R840: before 2.18.1
PowerEdge R740XD2: before 2.18.1
PowerEdge XR2: before 2.18.1
PowerEdge T440: before 2.18.1
PowerEdge R440: before 2.18.1
PowerEdge R540: before 2.18.1
PowerEdge R940: before 2.18.1
PowerEdge R640: before 2.18.1
PowerEdge R740XD: before 2.18.1
PowerEdge R740: before 2.18.1
CPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
