CVE-2024-0154

Summary

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

Affected Software

VendorProductVersion RangeStatus
DellPowerEdge PlatformN/A < 2.0.0affected
DellPowerEdge PlatformN/A < 1.7.6affected
DellPowerEdge PlatformN/A < 1.7.2affected
DellPowerEdge PlatformN/A < 1.2.3affected
DellPowerEdge PlatformN/A < 1.13.2affected
DellPowerEdge PlatformN/A < 1.14.1affected
DellPowerEdge PlatformN/A < 1.9.1affected
DellPowerEdge PlatformN/A < 2.14.1affected
DellPowerEdge PlatformN/A < 2.21.2affected
DellPowerEdge PlatformN/A < 2.21.1affected
DellPowerEdge PlatformN/A < 2.21.0affected
DellPowerEdge PlatformN/A < 2.16.0affected
DellPowerEdge PlatformN/A < 2.19.0 affected
DellPowerEdge PlatformN/A < 2.14.0 affected
DellPowerEdge PlatformN/A < 1.19.0 affected
DellPowerEdge PlatformN/A < 2.20.0 affected

Weaknesses

  • CWE-788: CWE-788: Access of Memory Location After End of Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References