CVE-2024-38304 — LOW (3.8) — White Hats Nepal

Q: How severe is CVE-2024-38304?

CVE-2024-38304 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-38304?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Xc Core Xcxr2 Firmware, Dell Emc Xc Core Xcxr2, Dell Emc Xc Core Xc940 System Firmware, Dell Emc Xc Core Xc940 System, Dell Emc Xc Core Xc740Xd2 Firmware.

Vulnerability Description

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS Score

3.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dell	Emc Xc Core Xcxr2 Firmware	< 2.22.1
Dell	Emc Xc Core Xcxr2	-
Dell	Emc Xc Core Xc940 System Firmware	< 2.22.2
Dell	Emc Xc Core Xc940 System	-
Dell	Emc Xc Core Xc740Xd2 Firmware	< 2.22.1
Dell	Emc Xc Core Xc740Xd2	-
Dell	Emc Xc Core Xc740Xd System Firmware	< 2.22.2
Dell	Emc Xc Core Xc740Xd System	-
Dell	Emc Xc Core Xc640 System Firmware	< 2.22.2
Dell	Emc Xc Core Xc640 System	-
Dell	Emc Xc Core 6420 System Firmware	< 2.22.2
Dell	Emc Xc Core 6420 System	-
Dell	Emc Storage Nx3340 Firmware	< 2.22.2
Dell	Emc Storage Nx3340	-
Dell	Emc Storage Nx3240 Firmware	< 2.22.2
Dell	Emc Storage Nx3240	-
Dell	Poweredge Xe7440 Firmware	< 2.22.2
Dell	Poweredge Xe7440	-
Dell	Poweredge Xe7420 Firmware	< 2.22.2
Dell	Poweredge Xe7420	-

Related Weaknesses (CWE)

CWE-788

References

https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-Vendor Advisory

FAQ

What is CVE-2024-38304?

CVE-2024-38304 is a vulnerability with a CVSS score of 3.8 (LOW). Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potential...

How severe is CVE-2024-38304?

CVE-2024-38304 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38304?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Xc Core Xcxr2 Firmware, Dell Emc Xc Core Xcxr2, Dell Emc Xc Core Xc940 System Firmware, Dell Emc Xc Core Xc940 System, Dell Emc Xc Core Xc740Xd2 Firmware.