CVE-2024-38304

LOW
Published Aug 29, 2024 Modified Dec 20, 2024 CWE-788

Description

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS v3.1 Score

3.8
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Weakness Type (CWE)

CWE-788 CWE-788

Affected Products

Vendor Product
dell emc_xc_core_xcxr2_firmware
dell emc_xc_core_xcxr2
dell emc_xc_core_xc940_system_firmware
dell emc_xc_core_xc940_system
dell emc_xc_core_xc740xd2_firmware
dell emc_xc_core_xc740xd2
dell emc_xc_core_xc740xd_system_firmware
dell emc_xc_core_xc740xd_system
dell emc_xc_core_xc640_system_firmware
dell emc_xc_core_xc640_system
dell emc_xc_core_6420_system_firmware
dell emc_xc_core_6420_system
dell emc_storage_nx3340_firmware
dell emc_storage_nx3340
dell emc_storage_nx3240_firmware
dell emc_storage_nx3240
dell poweredge_xe7440_firmware
dell poweredge_xe7440
dell poweredge_xe7420_firmware
dell poweredge_xe7420
dell poweredge_xe2420_firmware
dell poweredge_xe2420
dell dss_8440_firmware
dell dss_8440
dell poweredge_c4140_firmware
dell poweredge_c4140
dell poweredge_mx840c_firmware
dell poweredge_mx840c
dell poweredge_mx740c_firmware
dell poweredge_mx740c
dell poweredge_m640_\(for_pe_vrtx\)_firmware
dell poweredge_m640_\(for_pe_vrtx\)
dell poweredge_m640_firmware
dell poweredge_m640
dell poweredge_fc640_firmware
dell poweredge_fc640
dell poweredge_c6420_firmware
dell poweredge_c6420
dell poweredge_t640_firmware
dell poweredge_t640
dell poweredge_r940xa_firmware
dell poweredge_r940xa
dell poweredge_r840_firmware
dell poweredge_r840
dell poweredge_r740xd2_firmware
dell poweredge_r740xd2
dell poweredge_xr2_firmware
dell poweredge_xr2
dell poweredge_t440_firmware
dell poweredge_t440
dell poweredge_r440_firmware
dell poweredge_r440
dell poweredge_r540_firmware
dell poweredge_r540
dell poweredge_r940_firmware
dell poweredge_r940
dell poweredge_r640_firmware
dell poweredge_r640
dell poweredge_r740xd_firmware
dell poweredge_r740xd
dell poweredge_r740_firmware
dell poweredge_r740

References

Frequently Asked Questions

What is CVE-2024-38304? +
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. It has a CVSS v3.1 base score of 3.8 (LOW).
How severe is CVE-2024-38304? +
CVE-2024-38304 has a CVSS v3.1 score of 3.8 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-38304? +
CVE-2024-38304 affects products from dell, specifically: dss_8440, dss_8440_firmware, emc_storage_nx3240, emc_storage_nx3240_firmware, emc_storage_nx3340, emc_storage_nx3340_firmware, emc_xc_core_6420_system, emc_xc_core_6420_system_firmware, emc_xc_core_xc640_system, emc_xc_core_xc640_system_firmware, emc_xc_core_xc740xd2, emc_xc_core_xc740xd2_firmware, emc_xc_core_xc740xd_system, emc_xc_core_xc740xd_system_firmware, emc_xc_core_xc940_system, emc_xc_core_xc940_system_firmware, emc_xc_core_xcxr2, emc_xc_core_xcxr2_firmware, poweredge_c4140, poweredge_c4140_firmware, poweredge_c6420, poweredge_c6420_firmware, poweredge_fc640, poweredge_fc640_firmware, poweredge_m640, poweredge_m640_\(for_pe_vrtx\), poweredge_m640_\(for_pe_vrtx\)_firmware, poweredge_m640_firmware, poweredge_mx740c, poweredge_mx740c_firmware, poweredge_mx840c, poweredge_mx840c_firmware, poweredge_r440, poweredge_r440_firmware, poweredge_r540, poweredge_r540_firmware, poweredge_r640, poweredge_r640_firmware, poweredge_r740, poweredge_r740_firmware, poweredge_r740xd, poweredge_r740xd2, poweredge_r740xd2_firmware, poweredge_r740xd_firmware, poweredge_r840, poweredge_r840_firmware, poweredge_r940, poweredge_r940_firmware, poweredge_r940xa, poweredge_r940xa_firmware, poweredge_t440, poweredge_t440_firmware, poweredge_t640, poweredge_t640_firmware, poweredge_xe2420, poweredge_xe2420_firmware, poweredge_xe7420, poweredge_xe7420_firmware, poweredge_xe7440, poweredge_xe7440_firmware, poweredge_xr2, poweredge_xr2_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-38304? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-38304 — free, no signup required.

Start Free Scan