CVE-2021-21554

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
References
Link Resource
https://www.dell.com/support/kbdoc/000187958 Patch Vendor Advisory
https://www.dell.com/support/kbdoc/000187958 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:precision_7920_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 6.7
v2 : 7.2
v3 : 6.1
References () https://www.dell.com/support/kbdoc/000187958 - Patch, Vendor Advisory () https://www.dell.com/support/kbdoc/000187958 - Patch, Vendor Advisory

Information

Published : 2021-06-14 19:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21554

Mitre link : CVE-2021-21554

CVE.ORG link : CVE-2021-21554


JSON object : View

Products Affected

dell

  • poweredge_mx740c_firmware
  • poweredge_r740xd_firmware
  • poweredge_r940
  • poweredge_r840
  • poweredge_r740
  • poweredge_r940_firmware
  • poweredge_r940xa_firmware
  • precision_7920_firmware
  • poweredge_mx740c
  • poweredge_r840_firmware
  • poweredge_mx840c
  • poweredge_r940xa
  • precision_7920
  • poweredge_r640
  • poweredge_r740xd
  • poweredge_r740_firmware
  • poweredge_mx840c_firmware
  • poweredge_r640_firmware
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write