CVE-2021-21555

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Published: Jun 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21555
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
dell / poweredge_r640_firmware	-	2.11.2
dell / poweredge_r740_firmware	-	2.11.2
dell / poweredge_r740xd_firmware	-	2.11.2
dell / poweredge_r940_firmware	-	2.11.2
dell / poweredge_r840_firmware	-	2.11.2
dell / poweredge_r940xa_firmware	-	2.11.2
dell / poweredge_t640_firmware	-	2.11.2
dell / poweredge_mx740c_firmware	-	2.11.2
dell / poweredge_mx840c_firmware	-	2.11.2

https://www.dell.com/support/kbdoc/000187958

Vulnerability Database

290,206

CVE-2021-21555