CVE-2024-38304
LOWDescription
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | emc_xc_core_xcxr2_firmware |
| dell | emc_xc_core_xcxr2 |
| dell | emc_xc_core_xc940_system_firmware |
| dell | emc_xc_core_xc940_system |
| dell | emc_xc_core_xc740xd2_firmware |
| dell | emc_xc_core_xc740xd2 |
| dell | emc_xc_core_xc740xd_system_firmware |
| dell | emc_xc_core_xc740xd_system |
| dell | emc_xc_core_xc640_system_firmware |
| dell | emc_xc_core_xc640_system |
| dell | emc_xc_core_6420_system_firmware |
| dell | emc_xc_core_6420_system |
| dell | emc_storage_nx3340_firmware |
| dell | emc_storage_nx3340 |
| dell | emc_storage_nx3240_firmware |
| dell | emc_storage_nx3240 |
| dell | poweredge_xe7440_firmware |
| dell | poweredge_xe7440 |
| dell | poweredge_xe7420_firmware |
| dell | poweredge_xe7420 |
| dell | poweredge_xe2420_firmware |
| dell | poweredge_xe2420 |
| dell | dss_8440_firmware |
| dell | dss_8440 |
| dell | poweredge_c4140_firmware |
| dell | poweredge_c4140 |
| dell | poweredge_mx840c_firmware |
| dell | poweredge_mx840c |
| dell | poweredge_mx740c_firmware |
| dell | poweredge_mx740c |
| dell | poweredge_m640_\(for_pe_vrtx\)_firmware |
| dell | poweredge_m640_\(for_pe_vrtx\) |
| dell | poweredge_m640_firmware |
| dell | poweredge_m640 |
| dell | poweredge_fc640_firmware |
| dell | poweredge_fc640 |
| dell | poweredge_c6420_firmware |
| dell | poweredge_c6420 |
| dell | poweredge_t640_firmware |
| dell | poweredge_t640 |
| dell | poweredge_r940xa_firmware |
| dell | poweredge_r940xa |
| dell | poweredge_r840_firmware |
| dell | poweredge_r840 |
| dell | poweredge_r740xd2_firmware |
| dell | poweredge_r740xd2 |
| dell | poweredge_xr2_firmware |
| dell | poweredge_xr2 |
| dell | poweredge_t440_firmware |
| dell | poweredge_t440 |
| dell | poweredge_r440_firmware |
| dell | poweredge_r440 |
| dell | poweredge_r540_firmware |
| dell | poweredge_r540 |
| dell | poweredge_r940_firmware |
| dell | poweredge_r940 |
| dell | poweredge_r640_firmware |
| dell | poweredge_r640 |
| dell | poweredge_r740xd_firmware |
| dell | poweredge_r740xd |
| dell | poweredge_r740_firmware |
| dell | poweredge_r740 |
References
Frequently Asked Questions
What is CVE-2024-38304? +
How severe is CVE-2024-38304? +
What products are affected by CVE-2024-38304? +
How do I check if I'm vulnerable to CVE-2024-38304? +
Related Vulnerabilities
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised …
A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) …
A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) …
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, …
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may …
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end …