DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability
Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-22558 | Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service. | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Affected Products and Remediation
| Product | Affected Versions | Updated Versions or later | Link to Update | |
| R6415 | Before 1.18.0 | 1.18.0 | R6415 Drivers & Downloads | |
| R7415 | Before 1.18.0 | 1.18.0 | R7415 Drivers & Downloads | |
| R7425 | Before 1.18.0 | 1.18.0 | R7425 Drivers & Downloads | |
| R730 | Before 2.15.0 | 2.15.0 | R730 Drivers & Downloads | |
| R730XD | Before 2.15.0 | 2.15.0 | R730XD Drivers & Downloads | |
| R630 | Before 2.15.0 | 2.15.0 | R630 Drivers & Downloads | |
| C4130 | Before 2.15.0 | 2.15.0 | C4130 Drivers & Downloads | |
| M630 | Before 2.15.0 | 2.15.0 | M630 Drivers & Downloads | |
| M630P | Before 2.15.0 | 2.15.0 | M630P Drivers & Downloads | |
| FC630 | Before 2.15.0 | 2.15.0 | FC630 Drivers & Downloads | |
| FC430 | Before 2.15.0 | 2.15.0 | FC430 Drivers & Downloads | |
| M830 | Before 2.15.0 | 2.15.0 | M830 Drivers & Downloads | |
| M830P | Before 2.15.0 | 2.15.0 | M830P Drivers & Downloads | |
| FC830 | Before 2.15.0 | 2.15.0 | FC830 Drivers & Downloads | |
| T630 | Before 2.15.0 | 2.15.0 | T630 Drivers & Downloads | |
| R530 | Before 2.15.0 | 2.15.0 | R530 Drivers & Downloads | |
| R430 | Before 2.15.0 | 2.15.0 | R430 Drivers & Downloads | |
| T430 | Before 2.15.0 | 2.15.0 | T430 Drivers & Downloads | |
| R830 | Before 1.15.0 | 1.15.0 | R830 Drivers & Downloads | |
| C6320 | Before 2.15.0 | 2.15.0 | C6320 Drivers & Downloads | |
| XE8545 | Before 2.6.6 | 2.6.6 | XE8545 Drivers & Downloads | |
| XE2420 | Before 2.15.0 | 2.15.0 | | |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
*Out of an abundance of caution, versions 2.14.x and 1.14.x were removed while Dell investigates issues reported by a small number of customers with the BIOS release. Once the issue is resolved, Dell will release an updated BIOS if needed.
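The following is an added example, not Dell's code: a fleet check that compares each host's BIOS version against the fixed versions in the table above. The inventory rows are constructed, and mapping a DMI product name to the table's model key by stripping "PowerEdge" is an assumption.

```python
# Fixed BIOS versions copied from the advisory's table (model -> first fixed version).
FIXED = {m: "1.18.0" for m in ("R6415", "R7415", "R7425")}
FIXED.update({m: "2.15.0" for m in (
    "R730", "R730XD", "R630", "C4130", "M630", "M630P", "FC630", "FC430",
    "M830", "M830P", "FC830", "T630", "R530", "R430", "T430", "C6320", "XE2420")})
FIXED.update({"R830": "1.15.0", "XE8545": "2.6.6"})

def parse_version(text):
    """Turn '2.13.0' into (2, 13, 0), padded to three parts; ValueError otherwise."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable BIOS version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))

def model_key(product_name):
    """Assumed mapping: 'PowerEdge R730xd' -> 'R730XD' (the table's model column)."""
    return product_name.replace("PowerEdge", "").strip().upper()

def assess(product_name, bios_version):
    """Return 'update-required', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = FIXED.get(model_key(product_name))
    if fixed is None:
        # The advisory notes its table may be incomplete: absence is not a clean bill.
        return "not-listed"
    try:
        current = parse_version(bios_version)
    except ValueError:
        return "unknown-version"
    # Numeric tuple comparison: 2.9.0 < 2.15.0, which a string comparison gets wrong.
    return "update-required" if current < parse_version(fixed) else "fixed"

# Constructed inventory (hostname, DMI product name, BIOS version); not real hosts.
INVENTORY = [
    ("db01", "PowerEdge R730xd", "2.9.0"),
    ("db02", "PowerEdge R730", "2.15.0"),
    ("hv01", "PowerEdge R830", "1.14.2"),      # withdrawn 1.14.x is still below the fix
    ("gpu01", "PowerEdge XE8545", "2.6.6"),
    ("ws01", "Precision 7920 Rack", "2.10.0"),  # named in the CVE text, absent from the table
    ("amd01", "PowerEdge R6415", ""),           # inventory agent returned no version
]

def report(inventory=INVENTORY):
    return {host: assess(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

On a Linux host the two inputs can be read from `/sys/class/dmi/id/product_name` and `/sys/class/dmi/id/bios_version`; hosts reported as `not-listed` or `unknown-version` need manual review rather than being treated as unaffected.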
Revision History
| Revision | Date | Description | |
| 1.0 | 2022-03-31 | Initial release | |
| 1.1 | 2022-05-31 | Updated "Affected Products and Remediation" section | |
| 1.2 | 2022-06-20 | Updated Target Release Dates | |
| 1.3 | 2022-07-27 | | |
| 1.4 | 2022-08-04 | Updated CVE Description. | |
| 1.5 | 2022-08-22 | Added PowerEdge XE8545 to "Affected Products and Remediation" section. | |
| 1.6 | 2022-09-28 | | |
Acknowledgements
Dell would like to thank yngweijw for reporting this issue.
Affected Products
PowerEdge, PowerEdge C4130, PowerEdge C6320, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630, PowerEdge R6415, PowerEdge R730, PowerEdge R730xd, PowerEdge R7415, PowerEdge R7425, PowerEdge R830, PowerEdge T430, PowerEdge T630, PowerEdge XE2420, PowerEdge XE8545, Product Security Information
...
Article Properties
Article Number: 000197971
Article Type: Dell Security Advisory
Last Modified: 28 Sep 2022