DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability
Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions or later | Link to Update |
| R6515 | Before 2.9.3 | 2.9.3 | R6515 Drivers & Downloads |
| R7515 | Before 2.9.3 | 2.9.3 | R7515 Drivers & Downloads |
| R6525 | Before 2.9.3 | 2.9.3 | R6525 Drivers & Downloads |
| R7525 | Before 2.9.3 | 2.9.3 | R7525 Drivers & Downloads |
| XE8545 | Before 2.9.4 | 2.9.4 | XE8545 Drivers & Downloads |
| C6525 | Before 2.9.4 | 2.9.4 | C6525 Drivers & Downloads |
| R6415 | Before 1.19.0 | 1.19.0 | R6415 Drivers & Downloads |
| R7415 | Before 1.19.0 | 1.19.0 | R7415 Drivers & Downloads |
| R7425 | Before 1.19.0 | 1.19.0 | R7425 Drivers & Downloads |
| R750 | Before 1.8.2 | 1.8.2 | R750 Drivers & Downloads |
| R750XA | Before 1.8.2 | 1.8.2 | R750XA Drivers & Downloads |
| R650 | Before 1.8.2 | 1.8.2 | R650 Drivers & Downloads |
| C6520 | Before 1.8.2 | 1.8.2 | C6520 Drivers & Downloads |
| MX750c | Before 1.8.2 | 1.8.2 | MX750c Drivers & Downloads |
| R450 | Before 1.8.2 | 1.8.2 | R450 Drivers & Downloads |
| R550 | Before 1.8.2 | 1.8.2 | R550 Drivers & Downloads |
| R650xs | Before 1.8.2 | 1.8.2 | R650xs Drivers & Downloads |
| R750xs | Before 1.8.2 | 1.8.2 | R750xs Drivers & Downloads |
| T550 | Before 1.8.2 | 1.8.2 | T550 Drivers & Downloads |
| XR11 | Before 1.8.2 | 1.8.2 | XR11 Drivers & Downloads |
| XR12 | Before 1.8.2 | 1.8.2 | XR12 Drivers & Downloads |
| R250 | Before 1.4.2 | 1.4.2 | R250 Drivers & Downloads |
| R350 | Before 1.4.2 | 1.4.2 | R350 Drivers & Downloads |
| T150 | Before 1.4.2 | 1.4.2 | T150 Drivers & Downloads |
| T350 | Before 1.4.2 | 1.4.2 | T350 Drivers & Downloads |
| R740 | Before 2.16.1 | 2.16.1 | R740 Drivers & Downloads |
| R740XD | Before 2.16.1 | 2.16.1 | R740XD Drivers & Downloads |
| R640 | Before 2.16.1 | 2.16.1 | R640 Drivers & Downloads |
| R940 | Before 2.16.1 | 2.16.1 | R940 Drivers & Downloads |
| R540 | Before 2.16.1 | 2.16.1 | R540 Drivers & Downloads |
| R440 | Before 2.16.1 | 2.16.1 | R440 Drivers & Downloads |
| T440 | Before 2.16.1 | 2.16.1 | T440 Drivers & Downloads |
| XR2 | Before 2.16.1 | 2.16.1 | XR2 Drivers & Downloads |
| R740XD2 | Before 2.16.1 | 2.16.1 | R740XD2 Drivers & Downloads |
| R840 | Before 2.16.1 | 2.16.1 | R840 Drivers & Downloads |
| R940XA | Before 2.16.1 | 2.16.1 | R940XA Drivers & Downloads |
| T640 | Before 2.16.1 | 2.16.1 | T640 Drivers & Downloads |
| C6420 | Before 2.16.1 | 2.16.1 | C6420 Drivers & Downloads |
| FC640 | Before 2.16.1 | 2.16.1 | FC640 Drivers & Downloads |
| M640 | Before 2.16.1 | 2.16.1 | M640 Drivers & Downloads |
| M640P | Before 2.16.1 | 2.16.1 | M640P Drivers & Downloads |
| MX740C | Before 2.16.1 | 2.16.1 | MX740C Drivers & Downloads |
| MX840C | Before 2.16.1 | 2.16.1 | MX840C Drivers & Downloads |
| C4140 | Before 2.16.1 | 2.16.1 | C4140 Drivers & Downloads |
| DSS8440 | Before 2.16.1 | 2.16.1 | DSS8440 Drivers & Downloads |
| T140 | Before 2.11.1 | 2.11.1 | T140 Drivers & Downloads |
| T340 | Before 2.11.1 | 2.11.1 | T340 Drivers & Downloads |
| R240 | Before 2.11.1 | 2.11.1 | R240 Drivers & Downloads |
| R340 | Before 2.11.1 | 2.11.1 | R340 Drivers & Downloads |
| XE2420 | Before 2.16.0 | 2.16.0 | XE2420 Drivers & Downloads |
| XE7420 | Before 2.16.1 | 2.16.1 | XE7420 Drivers & Downloads |
| XE7440 | Before 2.16.1 | 2.16.1 | XE7440 Drivers & Downloads |
| R730 | Before 2.16.0 | 2.16.0 | R730 Drivers & Downloads |
| R730xd | Before 2.16.0 | 2.16.0 | R730XD Drivers & Downloads |
| R630 | Before 2.16.0 | 2.16.0 | R630 Drivers & Downloads |
| C4130 | Before 2.16.0 | 2.16.0 | C4130 Drivers & Downloads |
| R930 | Before 2.16.0 | 2.11.0 | R930 Drivers & Downloads |
| M630 | Before 2.16.0 | 2.16.0 | M630 Drivers & Downloads |
| M630p | Before 2.16.0 | 2.16.0 | M630P Drivers & Downloads |
| FC630 | Before 2.16.0 | 2.16.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.16.0 | 2.16.0 | FC430 Drivers & Downloads |
| M830 | Before 2.16.0 | 2.16.0 | M830 Drivers & Downloads |
| M830p | Before 2.16.0 | 2.16.0 | M830P Drivers & Downloads |
| FC830 | Before 2.16.0 | 2.16.0 | FC830 Drivers & Downloads |
| T630 | Before 2.16.0 | 2.16.0 | T630 Drivers & Downloads |
| R530 | Before 2.16.0 | 2.16.0 | R530 Drivers & Downloads |
| R430 | Before 2.16.0 | 2.16.0 | R430 Drivers & Downloads |
| T430 | Before 2.16.0 | 2.16.0 | T430 Drivers & Downloads |
| R830 | Before 1.16.0 | 1.16.0 | R830 Drivers & Downloads |
| C6320 | Before 2.16.0 | 2.16.0 | C6320 Drivers & Downloads |
| T130 | Before 2.16.0 | 2.16.0 | T130 Drivers & Downloads |
| R230 | Before 2.16.0 | 2.16.0 | R230 Drivers & Downloads |
| T330 | Before 2.16.0 | 2.16.0 | T330 Drivers & Downloads |
| R330 | Before 2.16.0 | 2.16.0 | R330 Drivers & Downloads |
| NX430 | Before 2.16.0 | 2.16.0 | NX430 Drivers & Downloads |
| NX3230 | Before 2.16.0 | 2.16.0 | NX3230 Drivers & Downloads |
| NX3330 | Before 2.16.0 | 2.16.0 | NX3330 Drivers & Downloads |
| NX440 | Before 2.11.1 | 2.11.1 | NX440 Drivers & Downloads |
| NX3240 | Before 2.16.1 | 2.16.1 | NX3240 Drivers & Downloads |
| NX3340 | Before 2.16.1 | 2.16.1 | NX3340 Drivers & Downloads |
Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:
- From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
- If it is set to Enabled or software controlled, then the SGX function is enabled.
| Product | Affected Versions | Updated Versions or later | Link to Update |
| R6515 | Before 2.9.3 | 2.9.3 | R6515 Drivers & Downloads |
| R7515 | Before 2.9.3 | 2.9.3 | R7515 Drivers & Downloads |
| R6525 | Before 2.9.3 | 2.9.3 | R6525 Drivers & Downloads |
| R7525 | Before 2.9.3 | 2.9.3 | R7525 Drivers & Downloads |
| XE8545 | Before 2.9.4 | 2.9.4 | XE8545 Drivers & Downloads |
| C6525 | Before 2.9.4 | 2.9.4 | C6525 Drivers & Downloads |
| R6415 | Before 1.19.0 | 1.19.0 | R6415 Drivers & Downloads |
| R7415 | Before 1.19.0 | 1.19.0 | R7415 Drivers & Downloads |
| R7425 | Before 1.19.0 | 1.19.0 | R7425 Drivers & Downloads |
| R750 | Before 1.8.2 | 1.8.2 | R750 Drivers & Downloads |
| R750XA | Before 1.8.2 | 1.8.2 | R750XA Drivers & Downloads |
| R650 | Before 1.8.2 | 1.8.2 | R650 Drivers & Downloads |
| C6520 | Before 1.8.2 | 1.8.2 | C6520 Drivers & Downloads |
| MX750c | Before 1.8.2 | 1.8.2 | MX750c Drivers & Downloads |
| R450 | Before 1.8.2 | 1.8.2 | R450 Drivers & Downloads |
| R550 | Before 1.8.2 | 1.8.2 | R550 Drivers & Downloads |
| R650xs | Before 1.8.2 | 1.8.2 | R650xs Drivers & Downloads |
| R750xs | Before 1.8.2 | 1.8.2 | R750xs Drivers & Downloads |
| T550 | Before 1.8.2 | 1.8.2 | T550 Drivers & Downloads |
| XR11 | Before 1.8.2 | 1.8.2 | XR11 Drivers & Downloads |
| XR12 | Before 1.8.2 | 1.8.2 | XR12 Drivers & Downloads |
| R250 | Before 1.4.2 | 1.4.2 | R250 Drivers & Downloads |
| R350 | Before 1.4.2 | 1.4.2 | R350 Drivers & Downloads |
| T150 | Before 1.4.2 | 1.4.2 | T150 Drivers & Downloads |
| T350 | Before 1.4.2 | 1.4.2 | T350 Drivers & Downloads |
| R740 | Before 2.16.1 | 2.16.1 | R740 Drivers & Downloads |
| R740XD | Before 2.16.1 | 2.16.1 | R740XD Drivers & Downloads |
| R640 | Before 2.16.1 | 2.16.1 | R640 Drivers & Downloads |
| R940 | Before 2.16.1 | 2.16.1 | R940 Drivers & Downloads |
| R540 | Before 2.16.1 | 2.16.1 | R540 Drivers & Downloads |
| R440 | Before 2.16.1 | 2.16.1 | R440 Drivers & Downloads |
| T440 | Before 2.16.1 | 2.16.1 | T440 Drivers & Downloads |
| XR2 | Before 2.16.1 | 2.16.1 | XR2 Drivers & Downloads |
| R740XD2 | Before 2.16.1 | 2.16.1 | R740XD2 Drivers & Downloads |
| R840 | Before 2.16.1 | 2.16.1 | R840 Drivers & Downloads |
| R940XA | Before 2.16.1 | 2.16.1 | R940XA Drivers & Downloads |
| T640 | Before 2.16.1 | 2.16.1 | T640 Drivers & Downloads |
| C6420 | Before 2.16.1 | 2.16.1 | C6420 Drivers & Downloads |
| FC640 | Before 2.16.1 | 2.16.1 | FC640 Drivers & Downloads |
| M640 | Before 2.16.1 | 2.16.1 | M640 Drivers & Downloads |
| M640P | Before 2.16.1 | 2.16.1 | M640P Drivers & Downloads |
| MX740C | Before 2.16.1 | 2.16.1 | MX740C Drivers & Downloads |
| MX840C | Before 2.16.1 | 2.16.1 | MX840C Drivers & Downloads |
| C4140 | Before 2.16.1 | 2.16.1 | C4140 Drivers & Downloads |
| DSS8440 | Before 2.16.1 | 2.16.1 | DSS8440 Drivers & Downloads |
| T140 | Before 2.11.1 | 2.11.1 | T140 Drivers & Downloads |
| T340 | Before 2.11.1 | 2.11.1 | T340 Drivers & Downloads |
| R240 | Before 2.11.1 | 2.11.1 | R240 Drivers & Downloads |
| R340 | Before 2.11.1 | 2.11.1 | R340 Drivers & Downloads |
| XE2420 | Before 2.16.0 | 2.16.0 | XE2420 Drivers & Downloads |
| XE7420 | Before 2.16.1 | 2.16.1 | XE7420 Drivers & Downloads |
| XE7440 | Before 2.16.1 | 2.16.1 | XE7440 Drivers & Downloads |
| R730 | Before 2.16.0 | 2.16.0 | R730 Drivers & Downloads |
| R730xd | Before 2.16.0 | 2.16.0 | R730XD Drivers & Downloads |
| R630 | Before 2.16.0 | 2.16.0 | R630 Drivers & Downloads |
| C4130 | Before 2.16.0 | 2.16.0 | C4130 Drivers & Downloads |
| R930 | Before 2.16.0 | 2.11.0 | R930 Drivers & Downloads |
| M630 | Before 2.16.0 | 2.16.0 | M630 Drivers & Downloads |
| M630p | Before 2.16.0 | 2.16.0 | M630P Drivers & Downloads |
| FC630 | Before 2.16.0 | 2.16.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.16.0 | 2.16.0 | FC430 Drivers & Downloads |
| M830 | Before 2.16.0 | 2.16.0 | M830 Drivers & Downloads |
| M830p | Before 2.16.0 | 2.16.0 | M830P Drivers & Downloads |
| FC830 | Before 2.16.0 | 2.16.0 | FC830 Drivers & Downloads |
| T630 | Before 2.16.0 | 2.16.0 | T630 Drivers & Downloads |
| R530 | Before 2.16.0 | 2.16.0 | R530 Drivers & Downloads |
| R430 | Before 2.16.0 | 2.16.0 | R430 Drivers & Downloads |
| T430 | Before 2.16.0 | 2.16.0 | T430 Drivers & Downloads |
| R830 | Before 1.16.0 | 1.16.0 | R830 Drivers & Downloads |
| C6320 | Before 2.16.0 | 2.16.0 | C6320 Drivers & Downloads |
| T130 | Before 2.16.0 | 2.16.0 | T130 Drivers & Downloads |
| R230 | Before 2.16.0 | 2.16.0 | R230 Drivers & Downloads |
| T330 | Before 2.16.0 | 2.16.0 | T330 Drivers & Downloads |
| R330 | Before 2.16.0 | 2.16.0 | R330 Drivers & Downloads |
| NX430 | Before 2.16.0 | 2.16.0 | NX430 Drivers & Downloads |
| NX3230 | Before 2.16.0 | 2.16.0 | NX3230 Drivers & Downloads |
| NX3330 | Before 2.16.0 | 2.16.0 | NX3330 Drivers & Downloads |
| NX440 | Before 2.11.1 | 2.11.1 | NX440 Drivers & Downloads |
| NX3240 | Before 2.16.1 | 2.16.1 | NX3240 Drivers & Downloads |
| NX3340 | Before 2.16.1 | 2.16.1 | NX3340 Drivers & Downloads |
Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:
- From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
- If it is set to Enabled or software controlled, then the SGX function is enabled.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-12-15 | Initial release |
| 1.1 | 2023-02-10 | Add PowerVault NX models. |
| 1.2 | 2023-03-14 | Updated CVE Descriptions |
Acknowledgements
CVE-2022-34377,CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
DSS 8440, PowerEdge XR2, PowerEdge C4130, Poweredge C4140, PowerEdge c6320, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, Poweredge FC430, Poweredge FC630, PowerEdge FC640, Poweredge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX)
, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX840C, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T140, PowerEdge T150, PowerEdge T330, PowerEdge T340, PowerEdge T350, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerVault NX3000, PowerVault NX3100, Powervault NX3200, Powervault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, Product Security Information
...
Article Properties
Article Number: 000206296
Article Type: Dell Security Advisory
Last Modified: 14 Mar 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.