Dell update for Intel Optane SSD firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-24587 CVE-2023-27519 CVE-2023-27879 CVE-2023-27306 CVE-2023-24588 |
| CWE-ID | CWE-691 CWE-20 CWE-284 CWE-665 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
XPS 8950 Hardware solutions / Firmware Vostro 7500 Hardware solutions / Firmware Vostro 5502 Hardware solutions / Firmware Vostro 5402 Hardware solutions / Firmware Vostro 5301 Hardware solutions / Firmware Vostro 15 5510 Hardware solutions / Firmware Vostro 14 5410 Hardware solutions / Firmware Vostro 13 5310 Hardware solutions / Firmware Precision 7920 XL Tower Hardware solutions / Firmware Precision 7920 Tower Hardware solutions / Firmware Precision 7820 XL Tower Hardware solutions / Firmware Precision 7820 Tower Hardware solutions / Firmware Precision 5820 XL Tower Hardware solutions / Firmware Precision 5820 Tower Hardware solutions / Firmware OptiPlex 7490 All-in-One Hardware solutions / Firmware Optiplex 7090 Ultra Hardware solutions / Firmware OptiPlex 7090 Tower Hardware solutions / Firmware OptiPlex 7090 Small Form Factor Hardware solutions / Firmware OptiPlex 7090 Micro Hardware solutions / Firmware OptiPlex 5090 Tower Hardware solutions / Firmware OptiPlex 5090 Small Form Factor Hardware solutions / Firmware OptiPlex 5090 Micro Hardware solutions / Firmware Latitude 5521 Hardware solutions / Firmware Latitude 5520 Hardware solutions / Firmware Latitude 5420 Hardware solutions / Firmware Latitude 5320 Hardware solutions / Firmware Latitude 3520 Hardware solutions / Firmware Latitude 3510 Hardware solutions / Firmware Latitude 3420 Hardware solutions / Firmware Latitude 3410 Hardware solutions / Firmware Latitude 3320 Hardware solutions / Firmware Inspiron 7706 2-in-1 Hardware solutions / Firmware Inspiron 7506 2-in-1 Hardware solutions / Firmware Inspiron 7501 Hardware solutions / Firmware Inspiron 7500 Hardware solutions / Firmware Inspiron 7400 Hardware solutions / Firmware Inspiron 7306 2-in-1 Hardware solutions / Firmware Inspiron 7300 Hardware solutions / Firmware Inspiron 5502/5509 Hardware solutions / Firmware Inspiron 5406 2-in-1 Hardware solutions / Firmware Inspiron 5402/5409 Hardware solutions / Firmware Inspiron 5301 Hardware solutions / Firmware Inspiron 3501 Hardware solutions / Firmware Inspiron 15 5510/5518 Hardware solutions / Firmware Inspiron 15 3511 Hardware solutions / Firmware Inspiron 14 5410/5418 Hardware solutions / Firmware Inspiron 14 5410 2-in-1 Hardware solutions / Firmware Inspiron 13 5310 Hardware solutions / Firmware Alienware Aurora R8 Hardware solutions / Firmware Alienware Aurora R7 Hardware solutions / Firmware Alienware Aurora R13 Hardware solutions / Firmware Alienware Area-51 Threadripper Edition R7 Hardware solutions / Firmware Alienware Area-51 Threadripper Edition R3 and R6 Hardware solutions / Firmware Alienware Area-51 R4 and R5 Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Insufficient Control Flow Management
EUVDB-ID: #VU83401
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24587
CWE-ID:
CWE-691 - Insufficient Control Flow Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control flow management. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsXPS 8950: before 7004-7053 A02
Vostro 7500: before 7004-7053 A02
Vostro 5502: before 7004-7053 A02
Vostro 5402: before 7004-7053 A02
Vostro 5301: before 7004-7053 A02
Vostro 15 5510: before 7004-7053 A02
Vostro 14 5410: before 7004-7053 A02
Vostro 13 5310: before 7004-7053 A02
Precision 7920 XL Tower: before D08N A00
Precision 7920 Tower: before D08N A00
Precision 7820 XL Tower: before D08N A00
Precision 7820 Tower: before D08N A00
Precision 5820 XL Tower: before D08N A00
Precision 5820 Tower: before D08N A00
OptiPlex 7490 All-in-One: before 7004-7053 A02
Optiplex 7090 Ultra: before 7004-7053 A02
OptiPlex 7090 Tower: before 7004-7053 A02
OptiPlex 7090 Small Form Factor: before 7004-7053 A02
OptiPlex 7090 Micro: before 7004-7053 A02
OptiPlex 5090 Tower: before 7004-7053 A02
OptiPlex 5090 Small Form Factor: before 7004-7053 A02
OptiPlex 5090 Micro: before 7004-7053 A02
Latitude 5521: before 7004-7053 A02
Latitude 5520: before 7004-7053 A02
Latitude 5420: before 7004-7053 A02
Latitude 5320: before 7004-7053 A02
Latitude 3520: before 7004-7053 A02
Latitude 3510: before 7004-7053 A02
Latitude 3420: before 7004-7053 A02
Latitude 3410: before 7004-7053 A02
Latitude 3320: before 7004-7053 A02
Inspiron 7706 2-in-1: before 7004-7053 A02
Inspiron 7506 2-in-1: before 7004-7053 A02
Inspiron 7501: before 7004-7053 A02
Inspiron 7500: before 7004-7053 A02
Inspiron 7400: before 7004-7053 A02
Inspiron 7306 2-in-1: before 7004-7053 A02
Inspiron 7300: before 7004-7053 A02
Inspiron 5502/5509: before 7004-7053 A02
Inspiron 5406 2-in-1: before 7004-7053 A02
Inspiron 5402/5409: before 7004-7053 A02
Inspiron 5301: before 7004-7053 A02
Inspiron 3501: before 7004-7053 A02
Inspiron 15 5510/5518: before 7004-7053 A02
Inspiron 15 3511: before 7004-7053 A02
Inspiron 14 5410/5418: before 7004-7053 A02
Inspiron 14 5410 2-in-1: before 7004-7053 A02
Inspiron 13 5310: before 7004-7053 A02
Alienware Aurora R8: before D08N A00
Alienware Aurora R7: before D08N A00
Alienware Aurora R13: before 7004-7053 A02
Alienware Area-51 Threadripper Edition R7: before D08N A00
Alienware Area-51 Threadripper Edition R3 and R6: before D08N A00
Alienware Area-51 R4 and R5: before D08N A00
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217698/dsa-2023-335
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU83402
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsXPS 8950: before 7004-7053 A02
Vostro 7500: before 7004-7053 A02
Vostro 5502: before 7004-7053 A02
Vostro 5402: before 7004-7053 A02
Vostro 5301: before 7004-7053 A02
Vostro 15 5510: before 7004-7053 A02
Vostro 14 5410: before 7004-7053 A02
Vostro 13 5310: before 7004-7053 A02
Precision 7920 XL Tower: before D08N A00
Precision 7920 Tower: before D08N A00
Precision 7820 XL Tower: before D08N A00
Precision 7820 Tower: before D08N A00
Precision 5820 XL Tower: before D08N A00
Precision 5820 Tower: before D08N A00
OptiPlex 7490 All-in-One: before 7004-7053 A02
Optiplex 7090 Ultra: before 7004-7053 A02
OptiPlex 7090 Tower: before 7004-7053 A02
OptiPlex 7090 Small Form Factor: before 7004-7053 A02
OptiPlex 7090 Micro: before 7004-7053 A02
OptiPlex 5090 Tower: before 7004-7053 A02
OptiPlex 5090 Small Form Factor: before 7004-7053 A02
OptiPlex 5090 Micro: before 7004-7053 A02
Latitude 5521: before 7004-7053 A02
Latitude 5520: before 7004-7053 A02
Latitude 5420: before 7004-7053 A02
Latitude 5320: before 7004-7053 A02
Latitude 3520: before 7004-7053 A02
Latitude 3510: before 7004-7053 A02
Latitude 3420: before 7004-7053 A02
Latitude 3410: before 7004-7053 A02
Latitude 3320: before 7004-7053 A02
Inspiron 7706 2-in-1: before 7004-7053 A02
Inspiron 7506 2-in-1: before 7004-7053 A02
Inspiron 7501: before 7004-7053 A02
Inspiron 7500: before 7004-7053 A02
Inspiron 7400: before 7004-7053 A02
Inspiron 7306 2-in-1: before 7004-7053 A02
Inspiron 7300: before 7004-7053 A02
Inspiron 5502/5509: before 7004-7053 A02
Inspiron 5406 2-in-1: before 7004-7053 A02
Inspiron 5402/5409: before 7004-7053 A02
Inspiron 5301: before 7004-7053 A02
Inspiron 3501: before 7004-7053 A02
Inspiron 15 5510/5518: before 7004-7053 A02
Inspiron 15 3511: before 7004-7053 A02
Inspiron 14 5410/5418: before 7004-7053 A02
Inspiron 14 5410 2-in-1: before 7004-7053 A02
Inspiron 13 5310: before 7004-7053 A02
Alienware Aurora R8: before D08N A00
Alienware Aurora R7: before D08N A00
Alienware Aurora R13: before 7004-7053 A02
Alienware Area-51 Threadripper Edition R7: before D08N A00
Alienware Area-51 Threadripper Edition R3 and R6: before D08N A00
Alienware Area-51 R4 and R5: before D08N A00
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217698/dsa-2023-335
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU83403
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27879
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. An attacker with physical access to the system can obtain potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsXPS 8950: before 7004-7053 A02
Vostro 7500: before 7004-7053 A02
Vostro 5502: before 7004-7053 A02
Vostro 5402: before 7004-7053 A02
Vostro 5301: before 7004-7053 A02
Vostro 15 5510: before 7004-7053 A02
Vostro 14 5410: before 7004-7053 A02
Vostro 13 5310: before 7004-7053 A02
Precision 7920 XL Tower: before D08N A00
Precision 7920 Tower: before D08N A00
Precision 7820 XL Tower: before D08N A00
Precision 7820 Tower: before D08N A00
Precision 5820 XL Tower: before D08N A00
Precision 5820 Tower: before D08N A00
OptiPlex 7490 All-in-One: before 7004-7053 A02
Optiplex 7090 Ultra: before 7004-7053 A02
OptiPlex 7090 Tower: before 7004-7053 A02
OptiPlex 7090 Small Form Factor: before 7004-7053 A02
OptiPlex 7090 Micro: before 7004-7053 A02
OptiPlex 5090 Tower: before 7004-7053 A02
OptiPlex 5090 Small Form Factor: before 7004-7053 A02
OptiPlex 5090 Micro: before 7004-7053 A02
Latitude 5521: before 7004-7053 A02
Latitude 5520: before 7004-7053 A02
Latitude 5420: before 7004-7053 A02
Latitude 5320: before 7004-7053 A02
Latitude 3520: before 7004-7053 A02
Latitude 3510: before 7004-7053 A02
Latitude 3420: before 7004-7053 A02
Latitude 3410: before 7004-7053 A02
Latitude 3320: before 7004-7053 A02
Inspiron 7706 2-in-1: before 7004-7053 A02
Inspiron 7506 2-in-1: before 7004-7053 A02
Inspiron 7501: before 7004-7053 A02
Inspiron 7500: before 7004-7053 A02
Inspiron 7400: before 7004-7053 A02
Inspiron 7306 2-in-1: before 7004-7053 A02
Inspiron 7300: before 7004-7053 A02
Inspiron 5502/5509: before 7004-7053 A02
Inspiron 5406 2-in-1: before 7004-7053 A02
Inspiron 5402/5409: before 7004-7053 A02
Inspiron 5301: before 7004-7053 A02
Inspiron 3501: before 7004-7053 A02
Inspiron 15 5510/5518: before 7004-7053 A02
Inspiron 15 3511: before 7004-7053 A02
Inspiron 14 5410/5418: before 7004-7053 A02
Inspiron 14 5410 2-in-1: before 7004-7053 A02
Inspiron 13 5310: before 7004-7053 A02
Alienware Aurora R8: before D08N A00
Alienware Aurora R7: before D08N A00
Alienware Aurora R13: before 7004-7053 A02
Alienware Area-51 Threadripper Edition R7: before D08N A00
Alienware Area-51 Threadripper Edition R3 and R6: before D08N A00
Alienware Area-51 R4 and R5: before D08N A00
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217698/dsa-2023-335
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Initialization
EUVDB-ID: #VU83404
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27306
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization. A local user can run a specially crafted application to perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsXPS 8950: before 7004-7053 A02
Vostro 7500: before 7004-7053 A02
Vostro 5502: before 7004-7053 A02
Vostro 5402: before 7004-7053 A02
Vostro 5301: before 7004-7053 A02
Vostro 15 5510: before 7004-7053 A02
Vostro 14 5410: before 7004-7053 A02
Vostro 13 5310: before 7004-7053 A02
Precision 7920 XL Tower: before D08N A00
Precision 7920 Tower: before D08N A00
Precision 7820 XL Tower: before D08N A00
Precision 7820 Tower: before D08N A00
Precision 5820 XL Tower: before D08N A00
Precision 5820 Tower: before D08N A00
OptiPlex 7490 All-in-One: before 7004-7053 A02
Optiplex 7090 Ultra: before 7004-7053 A02
OptiPlex 7090 Tower: before 7004-7053 A02
OptiPlex 7090 Small Form Factor: before 7004-7053 A02
OptiPlex 7090 Micro: before 7004-7053 A02
OptiPlex 5090 Tower: before 7004-7053 A02
OptiPlex 5090 Small Form Factor: before 7004-7053 A02
OptiPlex 5090 Micro: before 7004-7053 A02
Latitude 5521: before 7004-7053 A02
Latitude 5520: before 7004-7053 A02
Latitude 5420: before 7004-7053 A02
Latitude 5320: before 7004-7053 A02
Latitude 3520: before 7004-7053 A02
Latitude 3510: before 7004-7053 A02
Latitude 3420: before 7004-7053 A02
Latitude 3410: before 7004-7053 A02
Latitude 3320: before 7004-7053 A02
Inspiron 7706 2-in-1: before 7004-7053 A02
Inspiron 7506 2-in-1: before 7004-7053 A02
Inspiron 7501: before 7004-7053 A02
Inspiron 7500: before 7004-7053 A02
Inspiron 7400: before 7004-7053 A02
Inspiron 7306 2-in-1: before 7004-7053 A02
Inspiron 7300: before 7004-7053 A02
Inspiron 5502/5509: before 7004-7053 A02
Inspiron 5406 2-in-1: before 7004-7053 A02
Inspiron 5402/5409: before 7004-7053 A02
Inspiron 5301: before 7004-7053 A02
Inspiron 3501: before 7004-7053 A02
Inspiron 15 5510/5518: before 7004-7053 A02
Inspiron 15 3511: before 7004-7053 A02
Inspiron 14 5410/5418: before 7004-7053 A02
Inspiron 14 5410 2-in-1: before 7004-7053 A02
Inspiron 13 5310: before 7004-7053 A02
Alienware Aurora R8: before D08N A00
Alienware Aurora R7: before D08N A00
Alienware Aurora R13: before 7004-7053 A02
Alienware Area-51 Threadripper Edition R7: before D08N A00
Alienware Area-51 Threadripper Edition R3 and R6: before D08N A00
Alienware Area-51 R4 and R5: before D08N A00
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217698/dsa-2023-335
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU83405
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24588
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output. An attacker with physical access to the system gain unauthorized access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsXPS 8950: before 7004-7053 A02
Vostro 7500: before 7004-7053 A02
Vostro 5502: before 7004-7053 A02
Vostro 5402: before 7004-7053 A02
Vostro 5301: before 7004-7053 A02
Vostro 15 5510: before 7004-7053 A02
Vostro 14 5410: before 7004-7053 A02
Vostro 13 5310: before 7004-7053 A02
Precision 7920 XL Tower: before D08N A00
Precision 7920 Tower: before D08N A00
Precision 7820 XL Tower: before D08N A00
Precision 7820 Tower: before D08N A00
Precision 5820 XL Tower: before D08N A00
Precision 5820 Tower: before D08N A00
OptiPlex 7490 All-in-One: before 7004-7053 A02
Optiplex 7090 Ultra: before 7004-7053 A02
OptiPlex 7090 Tower: before 7004-7053 A02
OptiPlex 7090 Small Form Factor: before 7004-7053 A02
OptiPlex 7090 Micro: before 7004-7053 A02
OptiPlex 5090 Tower: before 7004-7053 A02
OptiPlex 5090 Small Form Factor: before 7004-7053 A02
OptiPlex 5090 Micro: before 7004-7053 A02
Latitude 5521: before 7004-7053 A02
Latitude 5520: before 7004-7053 A02
Latitude 5420: before 7004-7053 A02
Latitude 5320: before 7004-7053 A02
Latitude 3520: before 7004-7053 A02
Latitude 3510: before 7004-7053 A02
Latitude 3420: before 7004-7053 A02
Latitude 3410: before 7004-7053 A02
Latitude 3320: before 7004-7053 A02
Inspiron 7706 2-in-1: before 7004-7053 A02
Inspiron 7506 2-in-1: before 7004-7053 A02
Inspiron 7501: before 7004-7053 A02
Inspiron 7500: before 7004-7053 A02
Inspiron 7400: before 7004-7053 A02
Inspiron 7306 2-in-1: before 7004-7053 A02
Inspiron 7300: before 7004-7053 A02
Inspiron 5502/5509: before 7004-7053 A02
Inspiron 5406 2-in-1: before 7004-7053 A02
Inspiron 5402/5409: before 7004-7053 A02
Inspiron 5301: before 7004-7053 A02
Inspiron 3501: before 7004-7053 A02
Inspiron 15 5510/5518: before 7004-7053 A02
Inspiron 15 3511: before 7004-7053 A02
Inspiron 14 5410/5418: before 7004-7053 A02
Inspiron 14 5410 2-in-1: before 7004-7053 A02
Inspiron 13 5310: before 7004-7053 A02
Alienware Aurora R8: before D08N A00
Alienware Aurora R7: before D08N A00
Alienware Aurora R13: before 7004-7053 A02
Alienware Area-51 Threadripper Edition R7: before D08N A00
Alienware Area-51 Threadripper Edition R3 and R6: before D08N A00
Alienware Area-51 R4 and R5: before D08N A00
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000217698/dsa-2023-335
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
