Skip to main content
Contact Us

DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34377 Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CVE-2022-34376 Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
CVE-2022-34406 Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34407
CVE-2022-34408
CVE-2022-34409
CVE-2022-34410
CVE-2022-34411
CVE-2022-34412
CVE-2022-34413
CVE-2022-34414
CVE-2022-34415
CVE-2022-34416
CVE-2022-34417
CVE-2022-34418
CVE-2022-34419
CVE-2022-34420
CVE-2022-34421
CVE-2022-34422
CVE-2022-34423
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34377 Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CVE-2022-34376 Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
CVE-2022-34406 Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34407
CVE-2022-34408
CVE-2022-34409
CVE-2022-34410
CVE-2022-34411
CVE-2022-34412
CVE-2022-34413
CVE-2022-34414
CVE-2022-34415
CVE-2022-34416
CVE-2022-34417
CVE-2022-34418
CVE-2022-34419
CVE-2022-34420
CVE-2022-34421
CVE-2022-34422
CVE-2022-34423
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions or later Link to Update
R6515 Before 2.9.3 2.9.3 R6515 Drivers & Downloads
R7515 Before 2.9.3 2.9.3 R7515 Drivers & Downloads
R6525 Before 2.9.3 2.9.3 R6525 Drivers & Downloads
R7525 Before 2.9.3 2.9.3 R7525 Drivers & Downloads
XE8545 Before 2.9.4 2.9.4 XE8545 Drivers & Downloads
C6525 Before 2.9.4 2.9.4 C6525 Drivers & Downloads
R6415 Before 1.19.0 1.19.0 R6415 Drivers & Downloads
R7415 Before 1.19.0 1.19.0 R7415 Drivers & Downloads
R7425 Before 1.19.0 1.19.0 R7425 Drivers & Downloads
R750 Before 1.8.2 1.8.2 R750 Drivers & Downloads
R750XA Before 1.8.2 1.8.2 R750XA Drivers & Downloads
R650 Before 1.8.2 1.8.2 R650 Drivers & Downloads
C6520 Before 1.8.2 1.8.2 C6520 Drivers & Downloads
MX750c Before 1.8.2 1.8.2 MX750c Drivers & Downloads
R450 Before 1.8.2 1.8.2 R450 Drivers & Downloads
R550 Before 1.8.2 1.8.2 R550 Drivers & Downloads
R650xs Before 1.8.2 1.8.2 R650xs Drivers & Downloads
R750xs Before 1.8.2 1.8.2 R750xs Drivers & Downloads
T550 Before 1.8.2 1.8.2 T550 Drivers & Downloads
XR11 Before 1.8.2 1.8.2 XR11 Drivers & Downloads
XR12 Before 1.8.2 1.8.2 XR12 Drivers & Downloads
R250 Before 1.4.2 1.4.2 R250 Drivers & Downloads
R350 Before 1.4.2 1.4.2 R350 Drivers & Downloads
T150 Before 1.4.2 1.4.2 T150 Drivers & Downloads
T350 Before 1.4.2 1.4.2 T350 Drivers & Downloads
R740 Before 2.16.1 2.16.1 R740 Drivers & Downloads
R740XD Before 2.16.1 2.16.1 R740XD Drivers & Downloads
R640 Before 2.16.1 2.16.1 R640 Drivers & Downloads
R940 Before 2.16.1 2.16.1 R940 Drivers & Downloads
R540 Before 2.16.1 2.16.1 R540 Drivers & Downloads
R440 Before 2.16.1 2.16.1 R440 Drivers & Downloads
T440 Before 2.16.1 2.16.1 T440 Drivers & Downloads
XR2 Before 2.16.1 2.16.1 XR2 Drivers & Downloads
R740XD2 Before 2.16.1 2.16.1 R740XD2 Drivers & Downloads
R840 Before 2.16.1 2.16.1 R840 Drivers & Downloads
R940XA Before 2.16.1 2.16.1 R940XA Drivers & Downloads
T640 Before 2.16.1 2.16.1 T640 Drivers & Downloads
C6420 Before 2.16.1 2.16.1 C6420 Drivers & Downloads
FC640 Before 2.16.1 2.16.1 FC640 Drivers & Downloads
M640 Before 2.16.1 2.16.1 M640 Drivers & Downloads
M640P Before 2.16.1 2.16.1 M640P Drivers & Downloads
MX740C Before 2.16.1 2.16.1 MX740C Drivers & Downloads
MX840C Before 2.16.1 2.16.1 MX840C Drivers & Downloads
C4140 Before 2.16.1 2.16.1 C4140 Drivers & Downloads
DSS8440 Before 2.16.1 2.16.1 DSS8440 Drivers & Downloads
T140 Before 2.11.1 2.11.1 T140 Drivers & Downloads
T340 Before 2.11.1 2.11.1 T340 Drivers & Downloads
R240 Before 2.11.1 2.11.1 R240 Drivers & Downloads
R340 Before 2.11.1 2.11.1 R340 Drivers & Downloads
XE2420 Before 2.16.0 2.16.0 XE2420 Drivers & Downloads
XE7420 Before 2.16.1 2.16.1 XE7420 Drivers & Downloads
XE7440 Before 2.16.1 2.16.1 XE7440 Drivers & Downloads
R730 Before 2.16.0 2.16.0 R730 Drivers & Downloads
R730xd Before 2.16.0 2.16.0 R730XD Drivers & Downloads
R630 Before 2.16.0 2.16.0 R630 Drivers & Downloads
C4130 Before 2.16.0 2.16.0 C4130 Drivers & Downloads  
R930 Before 2.16.0 2.11.0 R930 Drivers & Downloads
M630 Before 2.16.0 2.16.0 M630 Drivers & Downloads
M630p Before 2.16.0 2.16.0 M630P Drivers & Downloads
FC630 Before 2.16.0 2.16.0 FC630 Drivers & Downloads
FC430 Before 2.16.0 2.16.0 FC430 Drivers & Downloads
M830 Before 2.16.0 2.16.0 M830 Drivers & Downloads
M830p Before 2.16.0 2.16.0 M830P Drivers & Downloads
FC830 Before 2.16.0 2.16.0 FC830 Drivers & Downloads
T630 Before 2.16.0 2.16.0 T630 Drivers & Downloads
R530 Before 2.16.0 2.16.0 R530 Drivers & Downloads
R430 Before 2.16.0 2.16.0 R430 Drivers & Downloads
T430 Before 2.16.0 2.16.0 T430 Drivers & Downloads
R830 Before 1.16.0 1.16.0 R830 Drivers & Downloads
C6320 Before 2.16.0 2.16.0 C6320 Drivers & Downloads
T130 Before 2.16.0  2.16.0 T130 Drivers & Downloads
R230 Before 2.16.0  2.16.0 R230 Drivers & Downloads
T330 Before 2.16.0  2.16.0 T330 Drivers & Downloads
R330 Before 2.16.0  2.16.0 R330 Drivers & Downloads
NX430 Before 2.16.0 2.16.0 NX430 Drivers & Downloads
NX3230 Before 2.16.0 2.16.0 NX3230 Drivers & Downloads
NX3330 Before 2.16.0 2.16.0 NX3330 Drivers & Downloads
NX440 Before 2.11.1 2.11.1 NX440 Drivers & Downloads
NX3240 Before 2.16.1 2.16.1 NX3240 Drivers & Downloads
NX3340 Before 2.16.1 2.16.1 NX3340 Drivers & Downloads

Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:
  • From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
  • If it is set to Enabled or software controlled, then the SGX function is enabled.
Product Affected Versions Updated Versions or later Link to Update
R6515 Before 2.9.3 2.9.3 R6515 Drivers & Downloads
R7515 Before 2.9.3 2.9.3 R7515 Drivers & Downloads
R6525 Before 2.9.3 2.9.3 R6525 Drivers & Downloads
R7525 Before 2.9.3 2.9.3 R7525 Drivers & Downloads
XE8545 Before 2.9.4 2.9.4 XE8545 Drivers & Downloads
C6525 Before 2.9.4 2.9.4 C6525 Drivers & Downloads
R6415 Before 1.19.0 1.19.0 R6415 Drivers & Downloads
R7415 Before 1.19.0 1.19.0 R7415 Drivers & Downloads
R7425 Before 1.19.0 1.19.0 R7425 Drivers & Downloads
R750 Before 1.8.2 1.8.2 R750 Drivers & Downloads
R750XA Before 1.8.2 1.8.2 R750XA Drivers & Downloads
R650 Before 1.8.2 1.8.2 R650 Drivers & Downloads
C6520 Before 1.8.2 1.8.2 C6520 Drivers & Downloads
MX750c Before 1.8.2 1.8.2 MX750c Drivers & Downloads
R450 Before 1.8.2 1.8.2 R450 Drivers & Downloads
R550 Before 1.8.2 1.8.2 R550 Drivers & Downloads
R650xs Before 1.8.2 1.8.2 R650xs Drivers & Downloads
R750xs Before 1.8.2 1.8.2 R750xs Drivers & Downloads
T550 Before 1.8.2 1.8.2 T550 Drivers & Downloads
XR11 Before 1.8.2 1.8.2 XR11 Drivers & Downloads
XR12 Before 1.8.2 1.8.2 XR12 Drivers & Downloads
R250 Before 1.4.2 1.4.2 R250 Drivers & Downloads
R350 Before 1.4.2 1.4.2 R350 Drivers & Downloads
T150 Before 1.4.2 1.4.2 T150 Drivers & Downloads
T350 Before 1.4.2 1.4.2 T350 Drivers & Downloads
R740 Before 2.16.1 2.16.1 R740 Drivers & Downloads
R740XD Before 2.16.1 2.16.1 R740XD Drivers & Downloads
R640 Before 2.16.1 2.16.1 R640 Drivers & Downloads
R940 Before 2.16.1 2.16.1 R940 Drivers & Downloads
R540 Before 2.16.1 2.16.1 R540 Drivers & Downloads
R440 Before 2.16.1 2.16.1 R440 Drivers & Downloads
T440 Before 2.16.1 2.16.1 T440 Drivers & Downloads
XR2 Before 2.16.1 2.16.1 XR2 Drivers & Downloads
R740XD2 Before 2.16.1 2.16.1 R740XD2 Drivers & Downloads
R840 Before 2.16.1 2.16.1 R840 Drivers & Downloads
R940XA Before 2.16.1 2.16.1 R940XA Drivers & Downloads
T640 Before 2.16.1 2.16.1 T640 Drivers & Downloads
C6420 Before 2.16.1 2.16.1 C6420 Drivers & Downloads
FC640 Before 2.16.1 2.16.1 FC640 Drivers & Downloads
M640 Before 2.16.1 2.16.1 M640 Drivers & Downloads
M640P Before 2.16.1 2.16.1 M640P Drivers & Downloads
MX740C Before 2.16.1 2.16.1 MX740C Drivers & Downloads
MX840C Before 2.16.1 2.16.1 MX840C Drivers & Downloads
C4140 Before 2.16.1 2.16.1 C4140 Drivers & Downloads
DSS8440 Before 2.16.1 2.16.1 DSS8440 Drivers & Downloads
T140 Before 2.11.1 2.11.1 T140 Drivers & Downloads
T340 Before 2.11.1 2.11.1 T340 Drivers & Downloads
R240 Before 2.11.1 2.11.1 R240 Drivers & Downloads
R340 Before 2.11.1 2.11.1 R340 Drivers & Downloads
XE2420 Before 2.16.0 2.16.0 XE2420 Drivers & Downloads
XE7420 Before 2.16.1 2.16.1 XE7420 Drivers & Downloads
XE7440 Before 2.16.1 2.16.1 XE7440 Drivers & Downloads
R730 Before 2.16.0 2.16.0 R730 Drivers & Downloads
R730xd Before 2.16.0 2.16.0 R730XD Drivers & Downloads
R630 Before 2.16.0 2.16.0 R630 Drivers & Downloads
C4130 Before 2.16.0 2.16.0 C4130 Drivers & Downloads  
R930 Before 2.16.0 2.11.0 R930 Drivers & Downloads
M630 Before 2.16.0 2.16.0 M630 Drivers & Downloads
M630p Before 2.16.0 2.16.0 M630P Drivers & Downloads
FC630 Before 2.16.0 2.16.0 FC630 Drivers & Downloads
FC430 Before 2.16.0 2.16.0 FC430 Drivers & Downloads
M830 Before 2.16.0 2.16.0 M830 Drivers & Downloads
M830p Before 2.16.0 2.16.0 M830P Drivers & Downloads
FC830 Before 2.16.0 2.16.0 FC830 Drivers & Downloads
T630 Before 2.16.0 2.16.0 T630 Drivers & Downloads
R530 Before 2.16.0 2.16.0 R530 Drivers & Downloads
R430 Before 2.16.0 2.16.0 R430 Drivers & Downloads
T430 Before 2.16.0 2.16.0 T430 Drivers & Downloads
R830 Before 1.16.0 1.16.0 R830 Drivers & Downloads
C6320 Before 2.16.0 2.16.0 C6320 Drivers & Downloads
T130 Before 2.16.0  2.16.0 T130 Drivers & Downloads
R230 Before 2.16.0  2.16.0 R230 Drivers & Downloads
T330 Before 2.16.0  2.16.0 T330 Drivers & Downloads
R330 Before 2.16.0  2.16.0 R330 Drivers & Downloads
NX430 Before 2.16.0 2.16.0 NX430 Drivers & Downloads
NX3230 Before 2.16.0 2.16.0 NX3230 Drivers & Downloads
NX3330 Before 2.16.0 2.16.0 NX3330 Drivers & Downloads
NX440 Before 2.11.1 2.11.1 NX440 Drivers & Downloads
NX3240 Before 2.16.1 2.16.1 NX3240 Drivers & Downloads
NX3340 Before 2.16.1 2.16.1 NX3340 Drivers & Downloads

Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:
  • From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
  • If it is set to Enabled or software controlled, then the SGX function is enabled.

Revision History

RevisionDateDescription
1.02022-12-15Initial release
1.12023-02-10Add PowerVault NX models.
1.22023-03-14Updated CVE Descriptions

Acknowledgements

CVE-2022-34377,CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

DSS 8440, PowerEdge XR2, PowerEdge C4130, Poweredge C4140, PowerEdge c6320, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, Poweredge FC430, Poweredge FC630, PowerEdge FC640, Poweredge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX) , PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX840C, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T140, PowerEdge T150, PowerEdge T330, PowerEdge T340, PowerEdge T350, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerVault NX3000, PowerVault NX3100, Powervault NX3200, Powervault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, Product Security Information ...
Article Properties
Article Number: 000206296
Article Type: Dell Security Advisory
Last Modified: 14 Mar 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.