Dell PowerEdge: CVE-2024-36354: DSA-2025-298: Security Update for Dell AMD-based PowerEdge Server Vulnerabilities

Severity: 6
CVSS: (AV:L/AC:M/Au:M/C:C/I:C/A:C)
Published: Aug 13, 2025
Added: Jan 12, 2026
Modified: Jan 12, 2026

Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation, potentially resulting in arbitrary code execution at the SMM level.

Solution

dell-poweredge-upgrade-latest