
Article Number: 000197971


DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.

Article content


Impact

Medium

Details

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2022-22558 | Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service. | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with the particular security vulnerability.

Affected Products and Remediation

| Product | Affected Versions | Updated Versions or later | Link to Update |
|---|---|---|---|
| R6415 | Before 1.18.0 | 1.18.0 | R6415 Drivers & Downloads |
| R7415 | Before 1.18.0 | 1.18.0 | R7415 Drivers & Downloads |
| R7425 | Before 1.18.0 | 1.18.0 | R7425 Drivers & Downloads |
| R730 | Before 2.15.0 | 2.15.0 | R730 Drivers & Downloads |
| R730XD | Before 2.15.0 | 2.15.0 | R730XD Drivers & Downloads |
| R630 | Before 2.15.0 | 2.15.0 | R630 Drivers & Downloads |
| C4130 | Before 2.15.0 | 2.15.0 | C4130 Drivers & Downloads |
| M630 | Before 2.15.0 | 2.15.0 | M630 Drivers & Downloads |
| M630P | Before 2.15.0 | 2.15.0 | M630P Drivers & Downloads |
| FC630 | Before 2.15.0 | 2.15.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.15.0 | 2.15.0 | FC430 Drivers & Downloads |
| M830 | Before 2.15.0 | 2.15.0 | M830 Drivers & Downloads |
| M830P | Before 2.15.0 | 2.15.0 | M830P Drivers & Downloads |
| FC830 | Before 2.15.0 | 2.15.0 | FC830 Drivers & Downloads |
| T630 | Before 2.15.0 | 2.15.0 | T630 Drivers & Downloads |
| R530 | Before 2.15.0 | 2.15.0 | R530 Drivers & Downloads |
| R430 | Before 2.15.0 | 2.15.0 | R430 Drivers & Downloads |
| T430 | Before 2.15.0 | 2.15.0 | T430 Drivers & Downloads |
| R830 | Before 1.15.0 | 1.15.0 | R830 Drivers & Downloads |
| C6320 | Before 2.15.0 | 2.15.0 | C6320 Drivers & Downloads |
| XE8545 | Before 2.6.6 | 2.6.6 | XE8545 Drivers & Downloads |
| XE2420 | Before 2.15.0 | 2.15.0 | XE2420 Drivers & Downloads |

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

*Out of an abundance of caution, versions 2.14.x and 1.14.x were removed while Dell investigates issues reported by a small number of customers with the BIOS release. Once the issue is resolved, Dell will release an updated BIOS if needed.

Acknowledgements

Dell would like to thank yngweijw for reporting this issue.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-03-31 | Initial release |
| 1.1 | 2022-05-31 | Updated "Affected Products and Remediation" section |
| 1.2 | 2022-06-20 | Updated Target Release Dates |
| 1.3 | 2022-07-27 | Updated "Affected Products and Remediation" section |
| 1.4 | 2022-08-04 | Updated CVE Description. |
| 1.5 | 2022-08-22 | Added PowerEdge XE8545 to "Affected Products and Remediation" section. |
| 1.6 | 2022-09-28 | Updated "Affected Products and Remediation" section |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties

Affected Product
PowerEdge, PowerEdge C4130, PowerEdge c6320, Poweredge FC430, Poweredge FC630, Poweredge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630, PowerEdge R6415, PowerEdge R730, PowerEdge R730xd, PowerEdge R7415, PowerEdge R7425, PowerEdge R830, PowerEdge T430, PowerEdge T630, PowerEdge XE2420, PowerEdge XE8545, Product Security Information ...

Last Published Date
28 Sep 2022

Version
7

Article Type
Dell Security Advisory