Security updates: Dell closes gaps in PCs, drivers and accessories
Attackers can exploit several security vulnerabilities in Dell's hardware and software. Security patches have now been released.
Various Dell computers are vulnerable. This is primarily due to security gaps in drivers. However, docks and software such as Avamar are also vulnerable. Patches are intended to solve the security problems.
PC security vulnerabilities
If attackers exploit several vulnerabilities in the Realtek PCIe memory card reader driver, they can access memory areas of the kernel (CVE-2024-40431, risk "high"). Several models of the Latitude, Precision and XPS laptop series are affected. In a warning message, the developers state that driver version 10.0.26100.21374 is secured.
A vulnerability (CVE-2024-44074, risk "high") in the Realtek high-definition audio driver makes several Alienware models vulnerable. Malicious code can get onto systems here. The computer manufacturer lists the affected PCs in another article.
Further dangers
Various docks can serve as a gateway for attackers. The vulnerability (CVE-2024-52537, risk "medium") allows them to gain elevated privileges under certain conditions. The threatened devices and available security updates are listed in a warning message.
A vulnerability (CVE-2024-49600, risk "high") in Dell Power Manager can also be abused to elevate privileges. Version 3.17 is protected against this. The backup software Avamar can allow malicious code onto systems due to inadequate input sanitization (e.g. CVE-2024-47484, risk "high").
There are also important security updates for PowerFlex and PowerScale. These vulnerabilities can lead to the execution of malicious code, among other things. One vulnerability has been given the highest possible CVSS rating of 10 out of 10 (CVE-2024-37143, risk "critical"). In that case, it can be assumed that computers will be completely compromised.
Last week, Dell also provided systems running Dell BSAFE Micro Edition Suite or NetWorker with security updates, but only partially: the updates for the vulnerable versions Dell NetWorker Client 19.11 to 19.11.0.2 are still pending, but have been announced for December.
(des)