SB2025052050 - Multiple vulnerabilities in Dell PowerEdge Server

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2025-20103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient resource pool in the core management mechanism for some Intel Processors. A local user can perform a denial of service (DoS) attack.

2) Uncaught Exception (CVE-ID: CVE-2025-20054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception in the core management mechanism for some Intel Processors. A local user can perform a denial of service (DoS) attack.

3) Information disclosure (CVE-ID: CVE-2024-45332)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.dell.com/support/kbdoc/nl-nl/000320934/dsa-2025-156-security-update-for-dell-poweredge-server-for-intel-2025-security-advisories-2025-2-ipu