DSA-2023-076 Dell Precision 7910 and 7920 Rack Security Update for BIOS Vulnerabilities
Summary: Dell Precision 7910 and 7920 Rack BIOS remediations are available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
Workarounds & Mitigations
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2023-03-14 | Initial Release |
Acknowledgements
Dell Technologies would like to thank Yngwei for reporting CVE-2022-34377 and CVE-2022-34376.
Related Information
Legal Disclaimer
Affected Products
Precision 7920 Rack, Precision Rack 7910, Product Security InformationArticle Properties
Article Number: 000209466
Article Type: Dell Security Advisory
Last Modified: 14 Mar 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.