Vulnerabilities > CVE-2021-21554 - Out-of-bounds Write vulnerability in Dell products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

CWE-787

NVD

Published: 2021-06-14

Updated: 2022-10-25

Summary

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Poweredge R640 Firmware - Dell Poweredge R740 Firmware - Dell Poweredge R740Xd Firmware - Dell Poweredge R940 Firmware - Dell Poweredge R840 Firmware - Dell Poweredge R940Xa Firmware - Dell Poweredge Mx740C Firmware - Dell Poweredge Mx840C Firmware - Dell Precision 7920 Firmware -	9
Hardware	Dell Dell Poweredge R640 - Dell Poweredge R740 - Dell Poweredge R740Xd - Dell Poweredge R940 - Dell Poweredge R840 - Dell Poweredge R940Xa - Dell Poweredge Mx740C - Dell Poweredge Mx840C - Dell Precision 7920 -	9

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dell.com/support/kbdoc/000187958