DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Medium

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-22558 Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service..
 		 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-22558 Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service..
 		 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions or later Link to Update
R6415 Before 1.18.0 1.18.0 R6415 Drivers & Downloads
R7415 Before 1.18.0 1.18.0 R7415 Drivers & Downloads
R7425 Before 1.18.0 1.18.0 R7425 Drivers & Downloads
R730 Before 2.15.0 2.15.0 R730 Drivers & Downloads
R730XD Before 2.15.0 2.15.0 R730XD Drivers & Downloads
R630 Before 2.15.0 2.15.0 R630 Drivers & Downloads
C4130 Before 2.15.0 2.15.0 C4130 Drivers & Downloads
M630 Before 2.15.0 2.15.0 M630 Drivers & Downloads
M630P Before 2.15.0 2.15.0 M630P Drivers & Downloads
FC630 Before 2.15.0 2.15.0 FC630 Drivers & Downloads
FC430 Before 2.15.0 2.15.0 FC430 Drivers & Downloads
M830 Before 2.15.0 2.15.0 M830 Drivers & Downloads
M830P Before 2.15.0 2.15.0 M830P Drivers & Downloads
FC830 Before 2.15.0 2.15.0 FC830 Drivers & Downloads
T630 Before 2.15.0 2.15.0 T630 Drivers & Downloads
R530 Before 2.15.0 2.15.0 R530 Drivers & Downloads
R430 Before 2.15.0 2.15.0 R430 Drivers & Downloads
T430 Before 2.15.0 2.15.0 T430 Drivers & Downloads
R830 Before 1.15.0 1.15.0 R830 Drivers & Downloads
C6320 Before 2.15.0 2.15.0 C6320 Drivers & Downloads
XE8545 Before 2.6.6 2.6.6 XE8545 Drivers & Downloads
XE2420  Before 2.15.0 2.15.0
XE2420 Drivers & Downloads

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

*Out of an abundance of caution, version 2.14.x and 1.14.x was removed while Dell investigates issues reported by small number of customers with the BIOS release. Once the issue is resolved, Dell will release an updated BIOS if needed.
Product Affected Versions Updated Versions or later Link to Update
R6415 Before 1.18.0 1.18.0 R6415 Drivers & Downloads
R7415 Before 1.18.0 1.18.0 R7415 Drivers & Downloads
R7425 Before 1.18.0 1.18.0 R7425 Drivers & Downloads
R730 Before 2.15.0 2.15.0 R730 Drivers & Downloads
R730XD Before 2.15.0 2.15.0 R730XD Drivers & Downloads
R630 Before 2.15.0 2.15.0 R630 Drivers & Downloads
C4130 Before 2.15.0 2.15.0 C4130 Drivers & Downloads
M630 Before 2.15.0 2.15.0 M630 Drivers & Downloads
M630P Before 2.15.0 2.15.0 M630P Drivers & Downloads
FC630 Before 2.15.0 2.15.0 FC630 Drivers & Downloads
FC430 Before 2.15.0 2.15.0 FC430 Drivers & Downloads
M830 Before 2.15.0 2.15.0 M830 Drivers & Downloads
M830P Before 2.15.0 2.15.0 M830P Drivers & Downloads
FC830 Before 2.15.0 2.15.0 FC830 Drivers & Downloads
T630 Before 2.15.0 2.15.0 T630 Drivers & Downloads
R530 Before 2.15.0 2.15.0 R530 Drivers & Downloads
R430 Before 2.15.0 2.15.0 R430 Drivers & Downloads
T430 Before 2.15.0 2.15.0 T430 Drivers & Downloads
R830 Before 1.15.0 1.15.0 R830 Drivers & Downloads
C6320 Before 2.15.0 2.15.0 C6320 Drivers & Downloads
XE8545 Before 2.6.6 2.6.6 XE8545 Drivers & Downloads
XE2420  Before 2.15.0 2.15.0
XE2420 Drivers & Downloads

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

*Out of an abundance of caution, version 2.14.x and 1.14.x was removed while Dell investigates issues reported by small number of customers with the BIOS release. Once the issue is resolved, Dell will release an updated BIOS if needed.

Revision History

RevisionDateDescription
1.02022-03-31Initial release
1.12022-05-31Updated "Affected Products and Remediation" section
1.22022-06-20Updated Target Release Dates
1.32022-07-27
Updated "Affected Products and Remediation" section
1.42022-08-04Updated CVE Description. 
1.52022-08-22Added PowerEdge XE8545 to "Affected Products and Remediation" section.
1.62022-009-28
Updated "Affected Products and Remediation" section

Acknowledgements

Dell would like to thank yngweijw for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerEdge, PowerEdge C4130, PowerEdge c6320, Poweredge FC430, Poweredge FC630, Poweredge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630 , PowerEdge R6415, PowerEdge R730, PowerEdge R730xd, PowerEdge R7415, PowerEdge R7425, PowerEdge R830, PowerEdge T430, PowerEdge T630, PowerEdge XE2420, PowerEdge XE8545, Product Security Information ...
Article Properties
Article Number: 000197971
Article Type: Dell Security Advisory
Last Modified: 28 Sept 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.