Dell Family Security Update Advisory

Overview

 

Updates have been released to address vulnerabilities in several Dell products. Users of the affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-0155, CVE-2024-0156

  • Dell Digital Delivery versions: prior to 5.2.0.0 (5.2.0.0 excluded)

 

CVE-2024-38305

  • Dell SupportAssist for Home PCs Installer exe version: 4.0.3

 

CVE-2024-39576

  • Dell Power Manager (DPM) versions: up to 3.15.0 (inclusive)

 

Resolved Vulnerabilities

 

Use-after-free vulnerability that could allow an attacker to cause an application crash or arbitrary code execution (CVE-2024-0155)

Buffer overflow vulnerability that could allow an attacker to cause arbitrary code execution and/or privilege escalation (CVE-2024-0156)

Privilege escalation vulnerability that could potentially allow an attacker to execute arbitrary executable files with elevated privileges on the operating system (CVE-2024-38305)

Privilege assignment vulnerability that could allow an attacker to execute code and cause privilege escalation (CVE-2024-39576)

 

Vulnerability Patches

 

The following product-specific patches are available in the latest updates. Follow the instructions on the sites listed under References to update to the patched version.

 

CVE-2024-0155

  • Dell Digital Delivery version: 5.2.0.0

 

CVE-2024-0156

  • Dell Digital Delivery versions: 5.2.0.0 or later

 

CVE-2024-38305

  • Dell SupportAssist for Home PCs Installer exe version: 4.3.1

 

CVE-2024-39576

  • Dell Power Manager (DPM) versions: 3.16.0 or later

 

References

 

[1] DSA-2024-033: Security Update for a Dell Digital Delivery Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000222292/dsa-2024-033-security-update-for-a-dell-digital-delivery-vulnerability

[2] DSA-2024-032: Security Update for Dell Digital Delivery for a Buffer Overflow Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability

[3] DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability

[4] DSA-2024-323: Security Update for Dell Power Manager for an Incorrect Privilege Assignment Vulnerability

https://www.dell.com/support/kbdoc/en-us/000227010/dsa-2024-323