Dell Firmware and BIOS Update (MINDBREEZE30802)
ID: MINDBREEZE30802
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.9 High
Status: Final
First published: May 28, 2024
CVEs: CVE-2024-0172, CVE-2024-0154, CVE-2024-0173, CVE-2023-22655, CVE-2024-0161, CVE-2024-0162, CVE-2024-0163, CVE-2022-21233, CVE-2021-33060
Summary
- improper privilege management
- improper parameter initialization
- possible Trusted Execution Configuration Register Access
- Improper SMM Communication Buffer Verification
- Time-of-check Time-of-use (TOCTOU)
- Stale Data Read from Legacy xAPIC
- Out-of-bounds write in the BIOS firmware
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.2 Release
- Mindbreeze InSpire SaaS 24.2 Release