CVE-2024-28970 - Vulnerability Details

Description

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

Published: 2024-06-12

Score: 4.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

CPG BIOS

unaffected

Version	Status	Constraints
`N/A`	affected	< 1.32.0
`N/A`	affected	< 1.6.0
`N/A`	affected	< 1.4.0
`N/A`	affected	< 1.11.0
`N/A`	affected	< 1.30.0
`N/A`	affected	< 2.14.0

Configuration 1 [-]

AND

cpe:2.3:o:dell:vostro_5502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:vostro_5402_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:precision_3660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:inspiron_5509_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:inspiron_5502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:inspiron_5409_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:inspiron_5402_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:inspiron_16_plus_7640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_16_plus_7640:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:inspiron_16_7640_2-in-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_16_7640_2-in-1:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:inspiron_14_plus_7440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_14_plus_7440:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-26032	Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168

History

Wed, 18 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell g7 7500 Dell g7 7500 Firmware Dell g7 7700 Dell g7 7700 Firmware Dell inspiron 14 Plus 7440 Dell inspiron 14 Plus 7440 Firmware Dell inspiron 16 7640 2-in-1 Dell inspiron 16 7640 2-in-1 Firmware Dell inspiron 16 Plus 7640 Dell inspiron 16 Plus 7640 Firmware Dell inspiron 24 5420 All-in-one Dell inspiron 24 5420 All-in-one Firmware Dell inspiron 27 7720 All-in-one Dell inspiron 27 7720 All-in-one Firmware Dell inspiron 5402 Dell inspiron 5402 Firmware Dell inspiron 5409 Dell inspiron 5409 Firmware Dell inspiron 5502 Dell inspiron 5502 Firmware Dell inspiron 5509 Dell inspiron 5509 Firmware Dell precision 3660 Dell precision 3660 Firmware Dell vostro 5402 Dell vostro 5402 Firmware Dell vostro 5502 Dell vostro 5502 Firmware
CPEs		cpe:2.3:h:dell:g7_7500:-:::::::* cpe:2.3:h:dell:g7_7700:-:::::::* cpe:2.3:h:dell:inspiron_14_plus_7440:-:::::::* cpe:2.3:h:dell:inspiron_16_7640_2-in-1:-:::::::* cpe:2.3:h:dell:inspiron_16_plus_7640:-:::::::* cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:::::::* cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:::::::* cpe:2.3:h:dell:inspiron_5402:-:::::::* cpe:2.3:h:dell:inspiron_5409:-:::::::* cpe:2.3:h:dell:inspiron_5502:-:::::::* cpe:2.3:h:dell:inspiron_5509:-:::::::* cpe:2.3:h:dell:precision_3660:-:::::::* cpe:2.3:h:dell:vostro_5402:-:::::::* cpe:2.3:h:dell:vostro_5502:-:::::::* cpe:2.3:o:dell:g7_7500_firmware:::::::: cpe:2.3:o:dell:g7_7700_firmware:::::::: cpe:2.3:o:dell:inspiron_14_plus_7440_firmware:::::::: cpe:2.3:o:dell:inspiron_16_7640_2-in-1_firmware:::::::: cpe:2.3:o:dell:inspiron_16_plus_7640_firmware:::::::: cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:::::::: cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:::::::: cpe:2.3:o:dell:inspiron_5402_firmware:::::::: cpe:2.3:o:dell:inspiron_5409_firmware:::::::: cpe:2.3:o:dell:inspiron_5502_firmware:::::::: cpe:2.3:o:dell:inspiron_5509_firmware:::::::: cpe:2.3:o:dell:precision_3660_firmware:::::::: cpe:2.3:o:dell:vostro_5402_firmware:::::::: cpe:2.3:o:dell:vostro_5502_firmware::::::::
Vendors & Products		Dell Dell g7 7500 Dell g7 7500 Firmware Dell g7 7700 Dell g7 7700 Firmware Dell inspiron 14 Plus 7440 Dell inspiron 14 Plus 7440 Firmware Dell inspiron 16 7640 2-in-1 Dell inspiron 16 7640 2-in-1 Firmware Dell inspiron 16 Plus 7640 Dell inspiron 16 Plus 7640 Firmware Dell inspiron 24 5420 All-in-one Dell inspiron 24 5420 All-in-one Firmware Dell inspiron 27 7720 All-in-one Dell inspiron 27 7720 All-in-one Firmware Dell inspiron 5402 Dell inspiron 5402 Firmware Dell inspiron 5409 Dell inspiron 5409 Firmware Dell inspiron 5502 Dell inspiron 5502 Firmware Dell inspiron 5509 Dell inspiron 5509 Firmware Dell precision 3660 Dell precision 3660 Firmware Dell vostro 5402 Dell vostro 5402 Firmware Dell vostro 5502 Dell vostro 5502 Firmware

Subscriptions

Dell G7 7500 G7 7500 Firmware G7 7700 G7 7700 Firmware Inspiron 14 Plus 7440 Inspiron 14 Plus 7440 Firmware Inspiron 16 7640 2-in-1 Inspiron 16 7640 2-in-1 Firmware Inspiron 16 Plus 7640 Inspiron 16 Plus 7640 Firmware Inspiron 24 5420 All-in-one Inspiron 24 5420 All-in-one Firmware Inspiron 27 7720 All-in-one Inspiron 27 7720 All-in-one Firmware Inspiron 5402 Inspiron 5402 Firmware Inspiron 5409 Inspiron 5409 Firmware Inspiron 5502 Inspiron 5502 Firmware Inspiron 5509 Inspiron 5509 Firmware Precision 3660 Precision 3660 Firmware Vostro 5402 Vostro 5402 Firmware Vostro 5502 Vostro 5502 Firmware

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-06-12T06:51:49.004Z

Updated: 2024-08-02T01:03:51.496Z

Reserved: 2024-03-13T15:42:12.961Z

Link: CVE-2024-28970

Vulnrichment

Updated: 2024-08-02T01:03:51.496Z

NVD

Status : Modified

Published: 2024-06-12T07:15:51.347

Modified: 2024-11-21T09:07:17.760

Link: CVE-2024-28970

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object