Dell PowerEdge server update for Tianocore EDK2
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU75395
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-38578
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in MdeModulePkg/Core/PiSmmCore/PiSmmCore.c. A local user trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerEdge XE7440: before 2.18.0
PowerEdge XE7420: before 2.18.0
PowerEdge XE2420: before 2.18.0
Dell XC630 Hyper-converged Appliance: before 2.17.0
Dell XC430 Hyper-converged Appliance: before 2.17.0
Dell XC6320 Hyper-converged Appliance: before 2.17.0
Dell Storage NX3330: before 2.17.0
Dell Storage NX3230: before 2.17.0
Dell Storage NX430: before 2.17.0
PowerEdge R330: before 2.17.0
PowerEdge T330: before 2.17.0
PowerEdge R230: before 2.17.0
PowerEdge T130: before 2.17.0
PowerEdge C6320: before 2.17.0
PowerEdge R830: before 1.17.0
PowerEdge T630: before 2.17.0
PowerEdge R930: before 2.12.0
PowerEdge C4130: before 2.17.0
PowerEdge R630: before 2.17.0
PowerEdge R730xd: before 2.17.0
PowerEdge R730: before 2.17.0
PowerEdge R7425: before 1.20.0
PowerEdge R7415: before 1.20.0
PowerEdge R6415: before 1.20.0
Dell EMC NX440: before 2.13.1
PowerEdge R340: before 2.13.1
PowerEdge R240: before 2.13.1
PowerEdge T340: before 2.13.1
PowerEdge T140: before 2.13.1
PowerEdge XR4520c: before 1.10.4
PowerEdge XR4510c : before 1.10.4
PowerEdge XE8545: before 2.11.2
PowerEdge C6525: before 2.11.3
PowerEdge R7525: before 2.11.3
PowerEdge R6525: before 2.11.3
PowerEdge R7515: before 2.11.4
PowerEdge R6515: before 2.11.4
PowerEdge T150: before 1.6.3
PowerEdge R250: before 1.6.3
PowerEdge T350: before 1.6.3
PowerEdge R350: before 1.6.3
PowerEdge XR12: before 1.10.2
PowerEdge XR11: before 1.10.2
PowerEdge R750XS: before 1.10.2
PowerEdge R650XS: before 1.10.2
PowerEdge R450: before 1.10.2
PowerEdge T550: before 1.10.2
PowerEdge R550: before 1.10.2
PowerEdge MX750c: before 1.10.2
PowerEdge C6520: before 1.10.2
PowerEdge R650: before 1.10.2
PowerEdge R750XA: before 1.10.2
PowerEdge R750: before 1.10.2
PowerEdge C6620: before 1.2.1
PowerEdge MX760c: before 1.2.1
PowerEdge R7625: before 1.3.11
PowerEdge R7615: before 1.3.11
PowerEdge R6625: before 1.3.11
PowerEdge R6615: before 1.3.11
PowerEdge R760: before 1.2.1
PowerEdge R660: before 1.2.1
Dell EMC XC Core XCXR2 : before 2.18.1
Dell EMC XC Core XC940 System : before 2.18.1
Dell EMC XC Core XC740xd System : before 2.18.1
Dell EMC XC Core XC640 System : before 2.18.1
Dell EMC XC Core 6420 System : before 2.18.1
Dell EMC Storage NX3340 : before 2.18.1
Dell EMC Storage NX3240 : before 2.18.1
DSS 8440: before 2.18.1
PowerEdge C4140: before 2.18.1
PowerEdge MX840C: before 2.18.1
PowerEdge MX740C: before 2.18.1
PowerEdge M640 (for PE VRTX): before 2.18.1
PowerEdge M640: before 2.18.1
PowerEdge FC640: before 2.18.1
PowerEdge C6420: before 2.18.1
PowerEdge T640: before 2.18.1
PowerEdge R940XA: before 2.18.1
PowerEdge R840: before 2.18.1
PowerEdge R740XD2: before 2.18.1
PowerEdge XR2: before 2.18.1
PowerEdge T440: before 2.18.1
PowerEdge R440: before 2.18.1
PowerEdge R540: before 2.18.1
PowerEdge R940: before 2.18.1
PowerEdge R640: before 2.18.1
PowerEdge R740XD: before 2.18.1
PowerEdge R740: before 2.18.1
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
