DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities
Summary: Dell Client Consumer platform remediation is available for multiple Dell BIOS vulnerabilities that may be exploited by malicious users to compromise the affected systems.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34403 | Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34400 | Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges may potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.
Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Affected Products and Remediation
| Product | BIOS Update Version | BIOS Release Date |
| Alienware m15 R6 | 1.17.0 | 10-19-2022 |
| Alienware m15 R7 | 1.4.3 | 09-29-2022 |
| Alienware m15 Ryzen Edition R5 | 1.8.0 | 10-26-2022 |
| Alienware m17 R5 AMD | 1.4.3 | 09-29-2022 |
| Dell G15 5510 | 1.16.0 | 10-11-2022 |
| Dell G15 5511 | 1.18.0 | 10-11-2022 |
| Dell G15 5515 | 1.8.0 | 10-26-2022 |
| Dell G15 5525 | 1.4.3 | 09-29-2022 |
| Dell G5 SE 5505 | 1.13.0 | 11-08-2022 |
| Inspiron 14 5410 2-in-1 | 2.15.2 | 11-15-2022 |
| Inspiron 15 3511 | 1.18.2 | 11-21-2022 |
| Inspiron 3195 2-in-1 | 1.6.0 | 10-26-2022 |
| Inspiron 3275 | 1.9.2 | 10-05-2022 |
| Inspiron 3475 | 1.9.2 | 10-05-2022 |
| Inspiron 3505 | 1.9.0 | 10-11-2022 |
| Inspiron 3515 | 1.9.0 | 10-11-2022 |
| Inspiron 3525 | 1.5.0 | 10-13-2022 |
| Inspiron 3585 | 1.10.0 | 10-26-2022 |
| Inspiron 3595 | 1.5.0 | 10-26-2022 |
| Inspiron 3785 | 1.10.0 | 10-26-2022 |
| Inspiron 3891 | 1.12.0 | 10-17-2022 |
| Inspiron 5310 | 2.15.0 | 10-11-2022 |
| Inspiron 5405 | 1.9.0 | 11-08-2022 |
| Inspiron 5410 | 2.14.0 | 10-07-2022 |
| Inspiron 5415 | 1.13.0 | 11-08-2022 |
| Inspiron 5425 | 1.5.0 | 10-11-2022 |
| Inspiron 5485 | 2.11.0 | 10-26-2022 |
| Inspiron 5485 2-in-1 | 2.11.0 | 10-26-2022 |
| Inspiron 5505 | 1.9.0 | 11-08-2022 |
| Inspiron 5510 | 2.15.2 | 11-15-2022 |
| Inspiron 5515 | 1.13.0 | 11-08-2022 |
| Inspiron 5585 | 2.11.0 | 10-26-2022 |
| Inspiron 7405 2-in-1 | 1.10.1 | 12-01-2022 |
| Inspiron 7415 | 1.13.0 | 11-09-2022 |
| Inspiron 7425 | 1.5.0 | 10-11-2022 |
| Inspiron 7510 | 1.12.0 | 10-12-2022 |
| Inspiron 7610 | 1.12.0 | 10-12-2022 |
| Latitude 3320 | 1.18.2 | 11-15-2022 |
| Latitude 3420 | 1.23.2 | 11-07-2022 |
| Latitude 3520 | 1.23.2 | 11-07-2022 |
| Latitude 5320 | 1.24.3 | 11-16-2022 |
| Latitude 5420 | 1.22.0 | 10-17-2022 |
| Latitude 5520 | 1.24.3 | 11-16-2022 |
| Latitude 5521 | 1.17.3 | 11-16-2022 |
| Latitude 7320 | 1.20.0 | 10-17-2022 |
| Latitude 7320 Detachable | 1.17.2 | 11-22-2022 |
| Latitude 7420 | 1.20.0 | 10-17-2022 |
| Latitude 7520 | 1.20.0 | 10-17-2022 |
| Latitude 9420 | 1.16.2 | 11-22-2022 |
| Latitude 9520 | 1.17.0 | 10-17-2022 |
| Latitude Rugged 5430 | 1.12.0 | 10-11-2022 |
| Latitude Rugged 7330 | 1.12.0 | 10-11-2022 |
| Latitude 5421 | 1.15.0 | 10-17-2022 |
| OptiPlex 3090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 5090 | 1.12.0 | 10-17-2022 |
| OptiPlex 5490 All-In-One | 1.15.0 | 10-11-2022 |
| OptiPlex 7090 Tower | 1.12.0 | 10-11-2022 |
| OptiPlex 7090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 7490 AIO | 1.15.0 | 10-11-2022 |
| Precision 3450 | 1.12.0 | 10-11-2022 |
| Precision 3560 | 1.24.3 | 11-16-2022 |
| Precision 3561 | 1.17.3 | 11-16-2022 |
| Precision 3650 Tower | 1.16.0 | 10-11-2022 |
| Precision 5560 | 1.15.2 | 11-21-2022 |
| Precision 5760 | 1.15.2 | 11-16-2022 |
| Precision 7560 | 1.16.0 | 10-14-2022 |
| Precision 7760 | 1.16.0 | 10-14-2022 |
| Vostro 3405 | 1.9.0 | 10-11-2022 |
| Vostro 3425 | 1.5.0 | 10-13-2022 |
| Vostro 3510 | 1.18.2 | 11-21-2022 |
| Vostro 3515 | 1.9.0 | 10-11-2022 |
| Vostro 3525 | 1.5.0 | 10-13-2022 |
| Vostro 3690 | 1.12.0 | 10-17-2022 |
| Vostro 3890 | 1.12.0 | 10-17-2022 |
| Vostro 5310 | 2.15.0 | 10-11-2022 |
| Vostro 5410 | 2.15.2 | 11-15-2022 |
| Vostro 5415 | 1.13.0 | 11-08-2022 |
| Vostro 5510 | 2.15.2 | 11-15-2022 |
| Vostro 5515 | 1.13.0 | 11-08-2022 |
| Vostro 5625 | 1.5.0 | 10-11-2022 |
| Vostro 5890 | 1.12.0 | 10-11-2022 |
| Vostro 7510 | 1.12.0 | 10-12-2022 |
| XPS 15 9510 | 1.15.2 | 11-21-2022 |
| XPS 17 9710 | 1.15.2 | 11-14-2022 |
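A fleet-triage check against the table above, as an added example that is not part of the Dell advisory: it flags inventory rows whose installed BIOS is older than the listed update version. The inventory CSV layout, hostnames and status names are assumptions, the FIXED map holds only five rows copied from the table, and any version at or above the listed one is assumed to contain the fix.

```python
import csv
import io

# Update versions copied from five rows of the advisory table; extend with
# the remaining rows before running this against a real inventory.
FIXED = {
    "Latitude 5420": "1.22.0",
    "Latitude 7420": "1.20.0",
    "OptiPlex 7090 Tower": "1.12.0",
    "Precision 5560": "1.15.2",
    "XPS 15 9510": "1.15.2",
}

def parse_version(text):
    """Turn '1.9.1' into (1, 9, 1) so it sorts below 1.22.0 (string compare would not)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '1.22' to (1, 22, 0)

def triage(inventory_csv):
    """Return {host: status}; status is VULNERABLE, PATCHED, NOT_LISTED or UNPARSEABLE."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        fixed = FIXED.get((row.get("model") or "").strip())
        if fixed is None:
            # Model is not in FIXED: either unaffected or a row not yet copied in.
            results[host] = "NOT_LISTED"
            continue
        try:
            installed = parse_version(row.get("bios_version") or "")
        except ValueError:
            # Legacy 'A05'-style or empty version strings need manual review.
            results[host] = "UNPARSEABLE"
            continue
        results[host] = "PATCHED" if installed >= parse_version(fixed) else "VULNERABLE"
    return results

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = """host,model,bios_version
wks-001,Latitude 5420,1.9.1
wks-002,Latitude 5420,1.22.0
wks-003,Precision 5560,1.15.10
wks-004,OptiPlex 7090 Tower,A05
wks-005,Latitude 5400,1.14.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```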
Revision History
| Revision | Date | Description |
| 1.0 | 2022-12-15 | Initial Release |
Acknowledgements
CVE-2022-34400, CVE-2022-34403: Dell Technologies would like to thank Cederic Laumen (@ling_sec) for reporting this issue.
Affected Products
Dell G15 5510, Dell G15 5511, Dell G15 5515 Ryzen Edition, Dell G15 5525, Inspiron 3195 2-in-1, Inspiron 5405, Inspiron 14 5410 2-in-1, Inspiron 5415, Inspiron 7405 2-in-1, Inspiron 3505, Inspiron 15 3511, Inspiron 3585, Inspiron 3595, Inspiron 5505, Inspiron 5515, Inspiron 3785, Inspiron 3275, Inspiron 3475, Inspiron 3891, Inspiron 531s, Inspiron 5425 (End of Life), Latitude 3320, Latitude 5320, Latitude 7320, Latitude 7320 Detachable, Latitude 7330 Rugged Extreme, Latitude 3420, Latitude 5421, Latitude 5430 Rugged, Latitude 7420, Latitude 7424 Rugged Extreme, Latitude 9420, Latitude 3520, Latitude 5520, Latitude 5521, Latitude 9520, Latitude 5420, OptiPlex 3090 Ultra, OptiPlex 5090 Tower, OptiPlex 5490 All-In-One, OptiPlex 7090 Ultra, OptiPlex 7490 All-In-One, Precision 3540, Precision 3560, Precision 3561, Precision 5560, Precision 7560, Precision 5760, Precision 7760, Precision 3650 Tower, Product Security Information, Vostro 3405, Vostro 3425, Vostro 3525, Vostro 5625, Vostro 3690, Vostro 5890, XPS 15 9510
...
Article Properties
Article Number: 000205716
Article Type: Dell Security Advisory
Last Modified: 16 Dec 2022