DSA-2023-050: Dell Client Platform Security Update for an AMI UEFI BIOS Vulnerability

Summary: Dell Client Platform BIOS remediation is available for a UEFI BIOS vulnerability that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Third-party Component CVEs More information
AMI UEFI BIOS CVE-2022-40262 See NVD (http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.

See tables in the "Affected Products and Remediation" and "Additional Information" sections for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell system.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Third-party Component CVEs More information
AMI UEFI BIOS CVE-2022-40262 See NVD (http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.) for individual scores for each CVE.

See tables in the "Affected Products and Remediation" and "Additional Information" sections for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell system.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product BIOS Update Version BIOS Release Date
Alienware Area 51m R1 1.23.0 12/13/2022
Alienware Aurora R10 2.3.3 12/07/2022
Alienware Aurora R8 1.0.26 12/12/2022
Alienware Aurora R9 1.0.23 12/12/2022
Alienware m15 R2 1.19.0 12/13/2022
Alienware m17 R2 1.19.0 12/13/2022
Alienware m15 R1 2.16.0 12/13/2022
Alienware m17 R1 2.16.0 12/13/2022
ChengMing 3980 TOWER 2.26.0 12/21/2022
ChengMing 3988 1.13.0 12/19/2022
Dell G3 3579 1.24.0 12/14/2022
Dell G3 3779 1.24.0 12/14/2022
Dell G5 5090 1.17.0 12/12/2022
Dell Precision 3430 Tower 1.22.0 12/12/2022
Dell Precision 3431 Tower 1.17.0 12/12/2022
Dell Precision 3630 Tower 2.18.0 12/13/2022
Dell Precision 3930 Rack 2.23.0 12/12/2022
Dell Precision 7820 Tower 2.28.0 12/12/2022
Dell Precision 7820 Tower 2.28.0 12/12/2022
Dell Precision 7920 Tower 2.28.0 12/12/2022
Dell Precision 7920 Tower 2.28.0 12/12/2022
Edge Gateway 3000 series 1.11.0 12/13/2022
Edge Gateway 5000 (Commercial) 1.21.0 12/13/2022
Embedded Box PC 3000 1.17.0 12/13/2022
Embedded Box PC 5000 1.18.0 12/13/2022
Inspiron 3280 1.17.2 12/12/2022
Inspiron 3470 2.26.0 12/21/2022
Inspiron 3471 1.13.0 12/19/2022
Inspiron 3480 1.22.1 01/18/2023
Inspiron 3481 1.20.0 12/13/2022
Inspiron 3482 1.17.0 12/13/2022
Inspiron 3502 1.11.0 12/12/2022
Inspiron 3580 1.22.1 01/18/2023
Inspiron 3580 1.22.1 01/18/2023
Inspiron 3581 1.20.0 12/13/2022
Inspiron 3581 1.20.0 12/13/2022
Inspiron 3582 1.17.0 12/13/2022
Inspiron 3670 2.26.0 12/21/2022
Inspiron 3671 1.13.0 12/19/2022
Inspiron 3780 1.22.1 01/18/2023
Inspiron 3781 1.20.0 12/13/2022
Inspiron 3782 1.17.0 12/13/2022
Inspiron 5570 1.12.0 12/14/2022
Inspiron 5770 1.12.0 12/14/2022


See 'Additional Information' section for a continuation of the table.
Product BIOS Update Version BIOS Release Date
Alienware Area 51m R1 1.23.0 12/13/2022
Alienware Aurora R10 2.3.3 12/07/2022
Alienware Aurora R8 1.0.26 12/12/2022
Alienware Aurora R9 1.0.23 12/12/2022
Alienware m15 R2 1.19.0 12/13/2022
Alienware m17 R2 1.19.0 12/13/2022
Alienware m15 R1 2.16.0 12/13/2022
Alienware m17 R1 2.16.0 12/13/2022
ChengMing 3980 TOWER 2.26.0 12/21/2022
ChengMing 3988 1.13.0 12/19/2022
Dell G3 3579 1.24.0 12/14/2022
Dell G3 3779 1.24.0 12/14/2022
Dell G5 5090 1.17.0 12/12/2022
Dell Precision 3430 Tower 1.22.0 12/12/2022
Dell Precision 3431 Tower 1.17.0 12/12/2022
Dell Precision 3630 Tower 2.18.0 12/13/2022
Dell Precision 3930 Rack 2.23.0 12/12/2022
Dell Precision 7820 Tower 2.28.0 12/12/2022
Dell Precision 7820 Tower 2.28.0 12/12/2022
Dell Precision 7920 Tower 2.28.0 12/12/2022
Dell Precision 7920 Tower 2.28.0 12/12/2022
Edge Gateway 3000 series 1.11.0 12/13/2022
Edge Gateway 5000 (Commercial) 1.21.0 12/13/2022
Embedded Box PC 3000 1.17.0 12/13/2022
Embedded Box PC 5000 1.18.0 12/13/2022
Inspiron 3280 1.17.2 12/12/2022
Inspiron 3470 2.26.0 12/21/2022
Inspiron 3471 1.13.0 12/19/2022
Inspiron 3480 1.22.1 01/18/2023
Inspiron 3481 1.20.0 12/13/2022
Inspiron 3482 1.17.0 12/13/2022
Inspiron 3502 1.11.0 12/12/2022
Inspiron 3580 1.22.1 01/18/2023
Inspiron 3580 1.22.1 01/18/2023
Inspiron 3581 1.20.0 12/13/2022
Inspiron 3581 1.20.0 12/13/2022
Inspiron 3582 1.17.0 12/13/2022
Inspiron 3670 2.26.0 12/21/2022
Inspiron 3671 1.13.0 12/19/2022
Inspiron 3780 1.22.1 01/18/2023
Inspiron 3781 1.20.0 12/13/2022
Inspiron 3782 1.17.0 12/13/2022
Inspiron 5570 1.12.0 12/14/2022
Inspiron 5770 1.12.0 12/14/2022


See 'Additional Information' section for a continuation of the table.
Table continued from the 'Affected Products and Remediation' section.

 
Product BIOS Update Version BIOS Release Date
Latitude 12 Rugged Extreme 7214 1.39.0 12/09/2022
Latitude 12 Rugged Tablet 7212 1.42.0 12/09/2022
Latitude 14 Rugged 5414 1.39.0 12/09/2022
Latitude 3180 1.21.0 12/20/2022
Latitude 3189 1.21.0 12/20/2022
Latitude 3190 1.24.0 12/20/2022
Latitude 3190 2-in-1 1.24.0 12/20/2022
Latitude 3380 1.21.0 12/21/2022
Latitude 3390 1.23.1 12/21/2022
Latitude 3480 1.23.0 12/21/2022
Latitude 3490 1.23.0 12/14/2022
Latitude 3580 1.23.0 12/21/2022
Latitude 3590 1.23.0 12/14/2022
Latitude 5280 1.28.0 12/20/2022
Latitude 5288 1.28.0 12/20/2022
Latitude 5289 1.31.0 12/20/2022
Latitude 5290 1.26.0 12/20/2022
Latitude 5480 1.28.0 12/20/2022
Latitude 5488 1.28.0 12/20/2022
Latitude 5490 1.26.0 12/20/2022
Latitude 5491 1.25.0 12/26/2022
Latitude 5580 1.28.0 12/20/2022
Latitude 5590 1.26.0 12/20/2022
Latitude 5591 1.25.0 12/26/2022
Latitude 7280 1.29.0 12/20/2022
Latitude 7290 1.30.0 12/22/2022
Latitude 7370 1.32.3 12/20/2022
Latitude 7380 1.29.0 12/20/2022
Latitude 7389 1.31.0 12/20/2022
Latitude 7390 1.30.0 12/22/2022
Latitude 7414 Rugged Extreme 1.39.0 12/09/2022
Latitude 7480 1.29.0 12/20/2022
Latitude 7490 1.30.0 12/22/2022
Latitude Rugged 5420 1.22.0 12/09/2022
Latitude Rugged 5424 1.22.0 12/09/2022
Latitude Rugged 7424 1.22.0 12/09/2022
OptiPlex 3050 AIO19.5" Display 1.24.0 12/22/2022
OptiPlex 3050MT/SFF/Micro 1.23.0 12/22/2022
OptiPlex 5050MT/SFF/Micro 1.23.0 12/22/2022
OptiPlex 7050MT/SFF/Micro 1.23.0 12/22/2022
OptiPlex 7450 AIO23.8" Display 1.24.0 12/22/2022
OptiPlex 3060 1.23.0 12/13/2022
OptiPlex 3070 1.19.0 12/13/2022
OptiPlex 5060 1.23.0 12/13/2022
OptiPlex 5070 1.19.0 12/13/2022
OptiPlex 5250 1.24.0 12/22/2022
OptiPlex 5260 All-in-One 1.24.0 12/13/2022
OptiPlex 5270 All-in-One 1.19.0 12/13/2022
OptiPlex 7060 1.23.0 12/13/2022
OptiPlex 7070 1.19.0 12/13/2022
OptiPlex 7070 UFF 1.16.0 12/13/2022
OptiPlex 7071 1.17.0 12/13/2022
OptiPlex 7460 All-In-One 1.24.0 12/13/2022
OptiPlex 7470 All-in-One 1.19.0 12/13/2022
OptiPlex 7760 AIO 1.24.0 12/13/2022
OptiPlex 7770 All-in-One 1.19.0 12/13/2022
OptiPlex XE3 1.23.0 12/13/2022
Precision 3420 Tower 2.24.0 12/21/2022
Precision 3520 1.28.0 12/20/2022
Precision 3530 1.25.0 12/26/2022
Precision 3620 Tower 2.24.0 12/21/2022
Precision 5520 1.31.0 12/20/2022
Precision 5530 2-in-1 1.22.8 12/14/2022
Precision 5720 AIO 2.17.0 12/21/2022
Precision 7510 1.30.3 12/20/2022
Precision 7520 1.28.0 12/20/2022
Precision 7530 1.26.0 12/23/2022
Precision 7540 1.24.0 01/19/2023
Precision 7710 1.30.3 12/20/2022
Precision 7720 1.28.0 12/20/2022
Precision 7730 1.26.0 12/23/2022
Precision 7740 1.24.0 01/19/2023
Vostro 3070 2.26.0 12/21/2022
Vostro 3267 1.24.0 12/14/2022
Vostro 3268 1.24.0 12/14/2022
Vostro 3470 2.26.0 12/21/2022
Vostro 3471 1.13.0 12/19/2022
Vostro 3480 1.22.1 01/18/2023
Vostro 3481 1.20.0 12/13/2022
Vostro 3582 1.17.0 12/13/2022
Vostro 3583 (1SP) / 3580 (2SP) 1.22.1 01/18/2023
Vostro 3583 (1SP) / 3580 (2SP) 1.22.1 01/18/2023
Vostro 3584 (1SP) / 3581 (2SP) 1.20.0 12/13/2022
Vostro 3584 (1SP) / 3581 (2SP) 1.20.0 12/13/2022
Vostro 3667 1.24.0 12/14/2022
Vostro 3668 1.24.0 12/14/2022
Vostro 3669 1.24.0 12/14/2022
Vostro 3670 2.26.0 12/21/2022
Vostro 3671 1.13.0 12/19/2022
Vostro 5090 1.17.0 12/12/2022
Wyse 5070 1.21.0 12/13/2022
Wyse 5470 1.17.1 01/09/2023
Wyse 5470 All-In-One 1.18.0 12/13/2022
Wyse 7040 Thin Client 1.19.0 12/13/2022
XPS 15 9575 2-in-1 1.24.0 12/14/2022
XPS 8930 1.1.28 01/18/2023

Revision History

RevisionDateDescription
1.02023-02-15Initial Release
1.12023-03-24Reformatted for improved presentation without any changes to content.

Acknowledgements

CVE-2022-40262: Dell Technologies would like to thank the BINARLY efiXplorer team for reporting this issue. 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Alienware Aurora Ryzen Edition R10, Alienware Aurora R8, Alienware Aurora R9, Alienware M15, Alienware M15 R2, Alienware M17, Alienware M17 R2, Alienware Area-51, Alienware m15, Alienware m17, Dell Edge Gateway 3000 Series, Dell Edge Gateway 5000 , Dell Embedded Box PC 3000, Dell Embedded Box PC 5000, Dell G3 3579, Dell G3 3779, Dell G5 5090, Inspiron 3480, Inspiron 3481, Inspiron 3482, Inspiron 3502, Inspiron 3580, Inspiron 3581, Inspiron 5570, Inspiron 3780, Inspiron 3781, Inspiron 3782, Inspiron 5770, Inspiron 3280 AIO, Inspiron 3470, Inspiron 3471, Inspiron 3670, Inspiron 3671, Latitude 3180, Latitude 3189, Latitude 3190 2-in-1, Latitude 3190, Latitude 5280/5288, Latitude 5289 2-in-1, Latitude 5290, Latitude 7212 Rugged Extreme Tablet, Latitude 7214 Rugged Extreme, Latitude 7280, Latitude 7290, Latitude 7370, Latitude 7389 2-in-1, Latitude 7390, Latitude 3490, Latitude 5414 Rugged, Latitude 5420 Rugged, Latitude 5424 Rugged, Latitude 5480/5488, Latitude 5490, Latitude 5491, Latitude 7424 Rugged Extreme, Latitude 7480, Latitude 7490, Dell Latitude 3580/3588, Latitude 3590, OptiPlex 3050 All-In-One, OptiPlex 3050 Tower, OptiPlex 3070 Tower, OptiPlex 5050 Tower, OptiPlex 5250 All-In-One, OptiPlex 5260 All-In-One, OptiPlex 5270 All-In-One, OptiPlex 7050 Tower, OptiPlex 7060 Tower, OptiPlex 7070 Tower, OptiPlex 7070 Ultra, OptiPlex 7071 Tower, OptiPlex 7460 All-In-One, OptiPlex 7470 All-In-One, OptiPlex 7760 All-In-One, OptiPlex 7770 All-In-One, Optiplex XE3, Precision 3930 XL Rack, Precision 5520, Precision 5530 2 in 1, Precision 7520, Precision 7530, Precision 7540, Precision 7720, Precision 7730, Precision 7740, Precision 3430 Small Form Factor, Precision 3431, Precision 3630 Tower, Precision 5720 AIO, Precision 7820 Tower, Precision 7920 Tower, Precision 7510, Precision 7710, Dell Precision Tower 3420, Dell Precision Tower 3620, Product Security Information, Vostro 3480, Vostro 3481, Vostro 3580, Vostro 3581, Vostro 3582, Vostro 3584, Vostro 3070, Vostro 3267, Vostro 3268, Vostro 3470, Vostro 3471, Vostro 3667, Vostro 3668, Vostro 3669, Vostro 3670, Vostro 3671, Vostro 5090, Latitude 3480 mobile thin client, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470, Wyse 7040 Thin Client, XPS 8930 ...
Article Properties
Article Number: 000208382
Article Type: Dell Security Advisory
Last Modified: 24 Mar 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.