Dell Client Platform update for NVIDIA GPU display driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-0126 CVE-2024-0117 CVE-2024-0118 CVE-2024-0119 CVE-2024-0120 CVE-2024-0121 |
| CWE-ID | CWE-20 CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Precision 7960 Rack Other software / Other software solutions Precision 3640 Hardware solutions / Firmware OptiPlex 5090 Hardware solutions / Firmware OptiPlex 5080 Hardware solutions / Firmware Precision 7920 Rack Hardware solutions / Firmware Precision 3630 Tower Hardware solutions / Firmware OptiPlex 7070 Hardware solutions / Other hardware appliances OptiPlex 7060 Hardware solutions / Other hardware appliances |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU99272
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU99273
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0117
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU99274
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0118
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU99275
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0119
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU99276
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0120
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU99277
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0121
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrecision 7960 Rack: before 32.0.15.5639
Precision 3640: before 32.0.15.5639
OptiPlex 7070: before 32.0.15.6094
OptiPlex 7060: before 32.0.15.6094
OptiPlex 5090: before 32.0.15.6094
OptiPlex 5080: before 32.0.15.6094
Precision 7920 Rack: before 32.0.15.5639
Precision 3630 Tower: before 32.0.15.5639
CPE2.3- cpe:2.3:a:dell:precision_7960_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5090:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_5080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7920_rack:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_tower:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/nl-nl/000228639/dsa-2024-401
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
