Vulnerabilities > CVE-2021-21555 - Out-of-bounds Write vulnerability in Dell products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

dell

CWE-787

NVD

Published: 2021-06-14

Updated: 2021-06-23

Summary

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Poweredge R640 Firmware - Dell Poweredge R640 Firmware 2.9.4 Dell Poweredge R740 Firmware - Dell Poweredge R740 Firmware 2.9.4 Dell Poweredge R740Xd Firmware - Dell Poweredge R740Xd Firmware 2.9.4 Dell Poweredge R940 Firmware - Dell Poweredge R940 Firmware 2.9.4 Dell Poweredge R840 Firmware - Dell Poweredge R840 Firmware 2.9.4 Dell Poweredge R940Xa Firmware - Dell Poweredge R940Xa Firmware 2.9.4 Dell Poweredge T640 Firmware - Dell Poweredge Mx740C Firmware - Dell Poweredge Mx740C Firmware 2.9.4 Dell Poweredge Mx840C Firmware - Dell Poweredge Mx840C Firmware 2.9.4	17
Hardware	Dell Dell Poweredge R640 - Dell Poweredge R740 - Dell Poweredge R740Xd - Dell Poweredge R940 - Dell Poweredge R840 - Dell Poweredge R940Xa - Dell Poweredge T640 - Dell Poweredge Mx740C - Dell Poweredge Mx840C -	9

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dell.com/support/kbdoc/000187958