Dell Firmware and BIOS Update (MINDBREEZE30802)

ID: MINDBREEZE30802 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 7.9 High 
Status: Final 
First published: May 28, 2024 
CVEs: CVE-2024-0172, CVE-2024-0154, CVE-2024-0173, CVE-2023-22655, CVE-2024-0161, CVE-2024-0162,  CVE-2024-0163, CVE-2022-21233, CVE-2021-33060 

Summary

• improper privilege management
• improper parameter initialization
• possible Trusted Execution Configuration Register Access
• Improper SMM Communication Buffer Verification
• Time-of-check Time-of-use (TOCTOU)
• Stale Data Read from Legacy xAPIC
• Out-of-bounds write in the BIOS firmware

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.2 Release 
• Mindbreeze InSpire SaaS 24.2 Release