Vulnerability Description
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Vostro 5502 Firmware | < 1.30.0 |
| Dell | Vostro 5502 | - |
| Dell | Vostro 5402 Firmware | < 1.30.0 |
| Dell | Vostro 5402 | - |
| Dell | Precision 3660 Firmware | < 2.14.0 |
| Dell | Precision 3660 | - |
| Dell | Inspiron 5509 Firmware | < 1.30.0 |
| Dell | Inspiron 5509 | - |
| Dell | Inspiron 5502 Firmware | < 1.30.0 |
| Dell | Inspiron 5502 | - |
| Dell | Inspiron 5409 Firmware | < 1.30.0 |
| Dell | Inspiron 5409 | - |
| Dell | Inspiron 5402 Firmware | < 1.30.0 |
| Dell | Inspiron 5402 | - |
| Dell | Inspiron 27 7720 All-In-One Firmware | < 1.11.0 |
| Dell | Inspiron 27 7720 All-In-One | - |
| Dell | Inspiron 24 5420 All-In-One Firmware | < 1.11.0 |
| Dell | Inspiron 24 5420 All-In-One | - |
| Dell | Inspiron 16 Plus 7640 Firmware | < 1.6.0 |
| Dell | Inspiron 16 Plus 7640 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168Vendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168Vendor Advisory
FAQ
What is CVE-2024-28970?
CVE-2024-28970 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of s...
How severe is CVE-2024-28970?
CVE-2024-28970 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28970?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Vostro 5502 Firmware, Dell Vostro 5502, Dell Vostro 5402 Firmware, Dell Vostro 5402, Dell Precision 3660 Firmware.