Dell Family Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Dell products. Users of the affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-0155, CVE-2024-0156

  • Dell Digital Delivery versions: ~ 5.2.0.0 (excluded)

 

CVE-2024-38305

  • Dell SupportAssist for Home PCs Installer exe version: 4.0.3

 

 

Resolved Vulnerabilities

 

Use After Free vulnerability (CVE-2024-0155) that could allow an attacker to cause an application crash or arbitrary code execution

Buffer overflow vulnerability (CVE-2024-0156) that could allow an attacker to cause arbitrary code execution and/or elevation of privilege

Privilege escalation vulnerability that could potentially allow an attacker to execute arbitrary executable files with elevated privileges on the operating system (CVE-2024-38305)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-0155

  • Dell Digital Delivery version: 5.2.0.0

 

CVE-2024-0156

  • Dell Digital Delivery version: 5.2.0.0 or later

 

CVE-2024-38305

  • Dell SupportAssist for Home PCs Installer exe version: 4.3.1

 

 

References

 

[1] DSA-2024-033: Security Update for a Dell Digital Delivery Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000222292/dsa-2024-033-security-update-for-a-dell-digital-delivery-vulnerability

[2] DSA-2024-032: Security Update for Dell Digital Delivery for a Buffer Overflow Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability

[3] DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability

Article Link: Dell Family Security Update Advisory – ASEC