Overview
An update has been released to address vulnerabilities in Dell products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-0155, CVE-2024-0156
- Dell Digital Delivery versions: prior to 5.2.0.0
CVE-2024-38305
- Dell SupportAssist for Home PCs Installer exe version: 4.0.3
Resolved Vulnerabilities
Use After Free vulnerability (CVE-2024-0155) that could allow an attacker to cause an application crash or arbitrary code execution
Buffer overflow vulnerability (CVE-2024-0156) that could allow an attacker to cause arbitrary code execution and/or elevation of privilege
Privilege escalation vulnerability (CVE-2024-38305) that could potentially allow an attacker to execute arbitrary executable files with elevated privileges on the operating system
Vulnerability Patches
Patches for each affected product are available in the versions listed below. Follow the instructions on the sites listed under References to update to the patched version.
CVE-2024-0155
- Dell Digital Delivery version: 5.2.0.0
CVE-2024-0156
- Dell Digital Delivery version: 5.2.0.0 or later
CVE-2024-38305
- Dell SupportAssist for Home PCs Installer exe version: 4.3.1
References
[1] DSA-2024-033: Security Update for a Dell Digital Delivery Vulnerability
[2] DSA-2024-032: Security Update for Dell Digital Delivery for a Buffer Overflow Vulnerability
[3] DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability
Article Link: Dell Family Security Update Advisory – ASEC