SB2025052075 - Multiple vulnerabilities in Dell Client Platform
Published: May 20, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-48267)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
2) Race condition (CVE-ID: CVE-2023-49603)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
3) Input validation error (CVE-ID: CVE-2023-49615)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges on the system.
4) Buffer overflow (CVE-ID: CVE-2023-49618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
5) Race condition (CVE-ID: CVE-2024-36262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
6) Race condition (CVE-ID: CVE-2023-48366)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.