DSA-2024-020: Security Update for Dell Client Platform for an Improper Input Validation Vulnerability (2024)

Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22429 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Software/Firmware | Affected Version | Remediated Version | Release Date (MM/DD/YYYY) |
|---|---|---|---|---|
| Dell Precision 5820 Tower | BIOS | Versions prior to 2.36.0 | Versions 2.36.0 or later | 05/10/2024 |
| Edge Gateway 3000 series | BIOS | Versions prior to 1.18.0 | Versions 1.18.0 or later | 05/13/2024 |
| Latitude 12 Rugged Extreme 7214 | BIOS | Versions prior to 1.46.0 | Versions 1.46.0 or later | 05/08/2024 |
| Latitude 13 3380 | BIOS | Versions prior to 1.27.0 | Versions 1.27.0 or later | 05/06/2024 |
| Latitude 3180 | BIOS | Versions prior to 1.29.0 | Versions 1.29.0 or later | 05/07/2024 |
| Latitude 3189 | BIOS | Versions prior to 1.29.0 | Versions 1.29.0 or later | 05/07/2024 |
| Latitude 3300 | BIOS | Versions prior to 1.28.0 | Versions 1.28.0 or later | 05/06/2024 |
| Latitude 3390 2-in-1 | BIOS | Versions prior to 1.31.0 | Versions 1.31.0 or later | 05/06/2024 |
| Latitude 5414 Rugged | BIOS | Versions prior to 1.46.0 | Versions 1.46.0 or later | 05/08/2024 |
| Latitude 5420 Rugged | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/08/2024 |
| Latitude 5424 Rugged | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/08/2024 |
| Latitude 7212 Rugged Extreme Tablet | BIOS | Versions prior to 1.50.0 | Versions 1.50.0 or later | 05/08/2024 |
| Latitude 7414 Rugged | BIOS | Versions prior to 1.46.0 | Versions 1.46.0 or later | 05/08/2024 |
| Latitude 7424 Rugged Extreme | BIOS | Versions prior to 1.32.0 | Versions 1.32.0 or later | 05/08/2024 |
| Precision 3420 Tower | BIOS | Versions prior to 2.30.0 | Versions 2.30.0 or later | 05/13/2024 |
| Precision 3620 Tower | BIOS | Versions prior to 2.30.0 | Versions 2.30.0 or later | 05/13/2024 |
| Wyse 5070 | BIOS | Versions prior to 1.31.0 | Versions 1.31.0 or later | 05/10/2024 |

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
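
One way to triage a fleet against the table, as an added example that is not part of Dell's advisory: the remediated versions are copied from the table, while the hostnames and inventory rows are constructed sample data. Versions are compared numerically, because a string comparison would wrongly rank 1.9.0 above 1.18.0, and models missing from the table are reported as not listed rather than safe, since the table may not be comprehensive.

```python
# Remediated BIOS versions copied from the advisory's table (model -> first fixed version).
FIXED = {
    "precision 5820 tower": "2.36.0", "edge gateway 3000 series": "1.18.0",
    "latitude 12 rugged extreme 7214": "1.46.0", "latitude 13 3380": "1.27.0",
    "latitude 3180": "1.29.0", "latitude 3189": "1.29.0",
    "latitude 3300": "1.28.0", "latitude 3390 2-in-1": "1.31.0",
    "latitude 5414 rugged": "1.46.0", "latitude 5420 rugged": "1.32.0",
    "latitude 5424 rugged": "1.32.0", "latitude 7212 rugged extreme tablet": "1.50.0",
    "latitude 7414 rugged": "1.46.0", "latitude 7424 rugged extreme": "1.32.0",
    "precision 3420 tower": "2.30.0", "precision 3620 tower": "2.30.0",
    "wyse 5070": "1.31.0",
}

def vtuple(version):
    """'1.9' -> (1, 9, 0). Raises ValueError on non-numeric parts."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def normalize(model):
    """Lower-case, collapse whitespace, drop a leading 'Dell '."""
    m = " ".join(model.lower().split())
    return m[5:] if m.startswith("dell ") else m

def triage(model, bios):
    fixed = FIXED.get(normalize(model))
    if fixed is None:
        return "not-listed"            # absent from the table, not proven safe
    try:
        current = vtuple(bios)
    except ValueError:
        return "unparseable-version"   # needs manual review
    return "remediated" if current >= vtuple(fixed) else "vulnerable"

# Constructed inventory rows: (hostname, model, BIOS version as reported by
# e.g. `dmidecode -s bios-version` or Win32_BIOS.SMBIOSBIOSVersion).
INVENTORY = [
    ("ws-014", "Dell Precision 5820 Tower", "2.35.0"),
    ("gw-003", "Edge Gateway 3000 series", "1.9.0"),
    ("tc-221", "Wyse 5070", "1.31.0"),
    ("lt-090", "Latitude 7490", "1.30.0"),
    ("lt-101", "Latitude 3300", "A12"),
]

def report(rows):
    return {host: triage(model, bios) for host, model, bios in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(host, status)
```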

Workarounds and Mitigations

None

Acknowledgements

CVE-2024-22429: Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-14 | Initial Release |
| 2.0 | 2024-05-17 | Added Revision history section |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Dell Edge Gateway 3000 Series, Latitude 3180, Latitude 3189, Latitude 7212 Rugged Extreme Tablet, Latitude 7214 Rugged Extreme, Latitude 3300, Latitude 13 3380, Latitude 3390 2-in-1, Latitude 5414 Rugged, Latitude 5420 Rugged, Latitude 5424 Rugged, Latitude 7414 Rugged, Latitude 7424 Rugged Extreme, Precision 5820 Tower, Dell Precision Tower 3420, Dell Precision Tower 3620, Wyse 5070 Thin Client ...
