Dell Client Platform update for Intel Ethernet Adapter Complete Driver Pack



Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2024-24852, CVE-2024-36274
CWE-ID: CWE-426, CWE-787
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Vostro 5090
Hardware solutions / Firmware

OptiPlex 7760 All-In-One
Hardware solutions / Firmware

OptiPlex 7460 All In One
Hardware solutions / Firmware

OptiPlex 7450 All-In-One
Hardware solutions / Firmware

OptiPlex 5260 All-In-One
Hardware solutions / Firmware

OptiPlex 5060
Hardware solutions / Firmware

OptiPlex 5050
Hardware solutions / Firmware

Latitude 7414 Rugged
Hardware solutions / Firmware

Latitude 5414 Rugged
Hardware solutions / Firmware

Precision 3620 Tower
Hardware solutions / Firmware

Precision 3420 Tower
Hardware solutions / Firmware

Precision 7720
Hardware solutions / Firmware

Precision 7520
Hardware solutions / Firmware

Precision 3530
Hardware solutions / Firmware

Precision 3520
Hardware solutions / Firmware

Latitude 5591
Hardware solutions / Firmware

Latitude 5590
Hardware solutions / Firmware

Latitude 5580
Hardware solutions / Firmware

Latitude 5491
Hardware solutions / Firmware

Latitude 5490
Hardware solutions / Firmware

Latitude 5488
Hardware solutions / Firmware

Latitude 5480
Hardware solutions / Firmware

Latitude 5290
Hardware solutions / Firmware

Latitude 12 Rugged Extreme 7214
Hardware solutions / Firmware

Precision 7730
Hardware solutions / Firmware

Precision 7530
Hardware solutions / Firmware

OptiPlex 7770 All-In-One
Hardware solutions / Firmware

OptiPlex 7470 All-In-One
Hardware solutions / Firmware

OptiPlex 7070 Ultra
Hardware solutions / Firmware

OptiPlex 5480 All-In-One
Hardware solutions / Firmware

OptiPlex 5270 All-In-One
Hardware solutions / Firmware

OptiPlex 5070
Hardware solutions / Firmware

Dell Precision 3630 Tower
Hardware solutions / Firmware

Dell Precision 3431 Tower
Hardware solutions / Firmware

Dell Precision 3430 Tower
Hardware solutions / Firmware

Precision 7740
Hardware solutions / Firmware

Precision 7540
Hardware solutions / Firmware

Precision 3541
Hardware solutions / Firmware

Precision 3540
Hardware solutions / Firmware

Latitude 7490
Hardware solutions / Firmware

Latitude 7480
Hardware solutions / Firmware

Latitude 7390
Hardware solutions / Firmware

Latitude 7380
Hardware solutions / Firmware

Latitude 7290
Hardware solutions / Firmware

Latitude 7280
Hardware solutions / Firmware

Latitude 5501
Hardware solutions / Firmware

Latitude 5500
Hardware solutions / Firmware

Latitude 5401
Hardware solutions / Firmware

Latitude 5400
Hardware solutions / Firmware

Vostro 5880
Hardware solutions / Firmware

Precision 7750
Hardware solutions / Firmware

Precision 7550
Hardware solutions / Firmware

Precision 3640
Hardware solutions / Firmware

Precision 3551
Hardware solutions / Firmware

Precision 3440
Hardware solutions / Firmware

OptiPlex 7780 All-in-One
Hardware solutions / Firmware

OptiPlex 7480 All-in-One
Hardware solutions / Firmware

OptiPlex 7080
Hardware solutions / Firmware

OptiPlex 5080
Hardware solutions / Firmware

Latitude 5511
Hardware solutions / Firmware

Latitude 5411
Hardware solutions / Firmware

Inspiron 3881
Hardware solutions / Firmware

Precision 3240 Compact
Hardware solutions / Other hardware appliances

OptiPlex XE3
Hardware solutions / Other hardware appliances

OptiPlex 7071
Hardware solutions / Other hardware appliances

OptiPlex 7070
Hardware solutions / Other hardware appliances

OptiPlex 7060
Hardware solutions / Other hardware appliances

Embedded Box PC 5000
Hardware solutions / Other hardware appliances

Embedded Box PC 3000
Hardware solutions / Other hardware appliances

Intel PCIe Ethernet Controller Driver
Hardware solutions / Drivers

Vendor Dell

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Untrusted search path

EUVDB-ID: #VU104010

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-24852

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can execute arbitrary code with escalated privileges.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Vostro 5090: All versions

OptiPlex 7760 All-In-One: All versions

OptiPlex 7460 All In One: All versions

OptiPlex 7450 All-In-One: All versions

OptiPlex 5260 All-In-One: All versions

OptiPlex 5060: All versions

OptiPlex 5050: All versions

Latitude 7414 Rugged: All versions

Latitude 5414 Rugged: All versions

Precision 3620 Tower: All versions

Precision 3420 Tower: All versions

Precision 7720: All versions

Precision 7520: All versions

Precision 3530: All versions

Precision 3520: All versions

Latitude 5591: All versions

Latitude 5590: All versions

Latitude 5580: All versions

Latitude 5491: All versions

Latitude 5490: All versions

Latitude 5488: All versions

Latitude 5480: All versions

Latitude 5290: All versions

Latitude 12 Rugged Extreme 7214: All versions

Precision 7730: All versions

Precision 7530: All versions

OptiPlex 7770 All-In-One: All versions

OptiPlex 7470 All-In-One: All versions

OptiPlex 7070 Ultra: All versions

OptiPlex 5480 All-In-One: All versions

OptiPlex 5270 All-In-One: All versions

OptiPlex 5070: All versions

Dell Precision 3630 Tower: All versions

Dell Precision 3431 Tower: All versions

Dell Precision 3430 Tower: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 7740: All versions

Precision 7540: All versions

Precision 3541: All versions

Precision 3540: All versions

Latitude 7490: All versions

Latitude 7480: All versions

Latitude 7390: All versions

Latitude 7380: All versions

Latitude 7290: All versions

Latitude 7280: All versions

Latitude 5501: All versions

Latitude 5500: All versions

Latitude 5401: All versions

Latitude 5400: All versions

Vostro 5880: All versions

Precision 7750: All versions

Precision 7550: All versions

Precision 3640: All versions

Precision 3551: All versions

Precision 3440: All versions

OptiPlex 7780 All-in-One: All versions

OptiPlex 7480 All-in-One: All versions

OptiPlex 7080: All versions

OptiPlex 5080: All versions

Latitude 5511: All versions

Latitude 5411: All versions

Inspiron 3881: All versions

Intel PCIe Ethernet Controller Driver: before 14.0.5.0

External links

https://www.dell.com/support/kbdoc/nl-nl/000228320/dsa-2024-384


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU104011

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-36274

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Intel 800 Series Ethernet Driver. A remote attacker on the local network can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Vostro 5090: All versions

OptiPlex 7760 All-In-One: All versions

OptiPlex 7460 All In One: All versions

OptiPlex 7450 All-In-One: All versions

OptiPlex 5260 All-In-One: All versions

OptiPlex 5060: All versions

OptiPlex 5050: All versions

Latitude 7414 Rugged: All versions

Latitude 5414 Rugged: All versions

Precision 3620 Tower: All versions

Precision 3420 Tower: All versions

Precision 7720: All versions

Precision 7520: All versions

Precision 3530: All versions

Precision 3520: All versions

Latitude 5591: All versions

Latitude 5590: All versions

Latitude 5580: All versions

Latitude 5491: All versions

Latitude 5490: All versions

Latitude 5488: All versions

Latitude 5480: All versions

Latitude 5290: All versions

Latitude 12 Rugged Extreme 7214: All versions

Precision 7730: All versions

Precision 7530: All versions

OptiPlex 7770 All-In-One: All versions

OptiPlex 7470 All-In-One: All versions

OptiPlex 7070 Ultra: All versions

OptiPlex 5480 All-In-One: All versions

OptiPlex 5270 All-In-One: All versions

OptiPlex 5070: All versions

Dell Precision 3630 Tower: All versions

Dell Precision 3431 Tower: All versions

Dell Precision 3430 Tower: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 7740: All versions

Precision 7540: All versions

Precision 3541: All versions

Precision 3540: All versions

Latitude 7490: All versions

Latitude 7480: All versions

Latitude 7390: All versions

Latitude 7380: All versions

Latitude 7290: All versions

Latitude 7280: All versions

Latitude 5501: All versions

Latitude 5500: All versions

Latitude 5401: All versions

Latitude 5400: All versions

Vostro 5880: All versions

Precision 7750: All versions

Precision 7550: All versions

Precision 3640: All versions

Precision 3551: All versions

Precision 3440: All versions

OptiPlex 7780 All-in-One: All versions

OptiPlex 7480 All-in-One: All versions

OptiPlex 7080: All versions

OptiPlex 5080: All versions

Latitude 5511: All versions

Latitude 5411: All versions

Inspiron 3881: All versions

Intel PCIe Ethernet Controller Driver: before 14.0.5.0

External links

https://www.dell.com/support/kbdoc/nl-nl/000228320/dsa-2024-384


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


