Vulnerabilities > CVE-2024-28970 - Out-of-bounds Write vulnerability in Dell products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

dell

CWE-787

NVD

Published: 2024-06-12

Updated: 2024-09-18

Summary

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Vostro 5502 Firmware - Dell Vostro 5502 Firmware 1.18.0 Dell Vostro 5502 Firmware 1.29.0 Dell Vostro 5402 Firmware - Dell Vostro 5402 Firmware 1.18.0 Dell Vostro 5402 Firmware 1.29.0 Dell Precision 3660 Firmware - Dell Precision 3660 Firmware 1.4.0 Dell Precision 3660 Firmware 2.7.0 Dell Precision 3660 Firmware 2.12.0 Dell Inspiron 5509 Firmware - Dell Inspiron 5509 Firmware 1.18.0 Dell Inspiron 5509 Firmware 1.29.0 Dell Inspiron 5502 Firmware - Dell Inspiron 5502 Firmware 1.18.0 Dell Inspiron 5502 Firmware 1.29.0 Dell Inspiron 5409 Firmware - Dell Inspiron 5409 Firmware 1.18.0 Dell Inspiron 5409 Firmware 1.29.0 Dell Inspiron 5402 Firmware - Dell Inspiron 5402 Firmware 1.18.0 Dell Inspiron 5402 Firmware 1.29.0 Dell Inspiron 27 7720 ALL IN ONE Firmware - Dell Inspiron 27 7720 ALL IN ONE Firmware 1.4.0 Dell Inspiron 27 7720 ALL IN ONE Firmware 1.9.0 Dell Inspiron 24 5420 ALL IN ONE Firmware - Dell Inspiron 24 5420 ALL IN ONE Firmware 1.4.0 Dell Inspiron 24 5420 ALL IN ONE Firmware 1.9.0 Dell Inspiron 16 Plus 7640 Firmware * Dell Inspiron 16 7640 2 IN 1 Firmware * Dell Inspiron 14 Plus 7440 Firmware * Dell G7 7700 Firmware - Dell G7 7700 Firmware 1.11.1 Dell G7 7700 Firmware 1.31.0 Dell G7 7500 Firmware - Dell G7 7500 Firmware 1.11.1 Dell G7 7500 Firmware 1.31.0	37
Hardware	Dell Dell Vostro 5502 - Dell Vostro 5402 - Dell Precision 3660 - Dell Inspiron 5509 - Dell Inspiron 5502 - Dell Inspiron 5409 - Dell Inspiron 5402 - Dell Inspiron 27 7720 ALL IN ONE - Dell Inspiron 24 5420 ALL IN ONE - Dell Inspiron 16 Plus 7640 - Dell Inspiron 16 7640 2 IN 1 - Dell Inspiron 14 Plus 7440 - Dell G7 7700 - Dell G7 7500 -	14

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168