DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability
Summary: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-22558 | Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service. | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Affected Products and Remediation
| Product | Affected Versions | Updated Versions or later | Link to Update | |
| R6415 | Before 1.18.0 | 1.18.0 | R6415 Drivers & Downloads | |
| R7415 | Before 1.18.0 | 1.18.0 | R7415 Drivers & Downloads | |
| R7425 | Before 1.18.0 | 1.18.0 | R7425 Drivers & Downloads | |
| R730 | Before 2.15.0 | 2.15.0 | R730 Drivers & Downloads | |
| R730XD | Before 2.15.0 | 2.15.0 | R730XD Drivers & Downloads | |
| R630 | Before 2.15.0 | 2.15.0 | R630 Drivers & Downloads | |
| C4130 | Before 2.15.0 | 2.15.0 | C4130 Drivers & Downloads | |
| M630 | Before 2.15.0 | 2.15.0 | M630 Drivers & Downloads | |
| M630P | Before 2.15.0 | 2.15.0 | M630P Drivers & Downloads | |
| FC630 | Before 2.15.0 | 2.15.0 | FC630 Drivers & Downloads | |
| FC430 | Before 2.15.0 | 2.15.0 | FC430 Drivers & Downloads | |
| M830 | Before 2.15.0 | 2.15.0 | M830 Drivers & Downloads | |
| M830P | Before 2.15.0 | 2.15.0 | M830P Drivers & Downloads | |
| FC830 | Before 2.15.0 | 2.15.0 | FC830 Drivers & Downloads | |
| T630 | Before 2.15.0 | 2.15.0 | T630 Drivers & Downloads | |
| R530 | Before 2.15.0 | 2.15.0 | R530 Drivers & Downloads | |
| R430 | Before 2.15.0 | 2.15.0 | R430 Drivers & Downloads | |
| T430 | Before 2.15.0 | 2.15.0 | T430 Drivers & Downloads | |
| R830 | Before 1.15.0 | 1.15.0 | R830 Drivers & Downloads | |
| C6320 | Before 2.15.0 | 2.15.0 | C6320 Drivers & Downloads | |
| XE8545 | Before 2.6.6 | 2.6.6 | XE8545 Drivers & Downloads | |
| XE2420 | Before 2.15.0 | 2.15.0 | | |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
*Out of an abundance of caution, versions 2.14.x and 1.14.x were removed while Dell investigates issues reported by a small number of customers with the BIOS release. Once the issue is resolved, Dell will release an updated BIOS if needed.
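To check an inventory against the remediation table above, the following added example (not Dell code) compares each host's reported BIOS version numerically with the listed fixed version. The host names and inventory rows are constructed; on Linux the two inputs can be read from `/sys/class/dmi/id/product_name` and `/sys/class/dmi/id/bios_version`.

```python
# Added example: fixed versions transcribed from the advisory's remediation table.
FIXED_IN = {
    "1.18.0": "R6415 R7415 R7425",
    "2.15.0": "R730 R730XD R630 C4130 M630 M630P FC630 FC430 M830 M830P "
              "FC830 T630 R530 R430 T430 C6320 XE2420",
    "1.15.0": "R830",
    "2.6.6": "XE8545",
}
FLOOR = {model: ver for ver, models in FIXED_IN.items() for model in models.split()}
# Release lines the advisory's footnote says were withdrawn (2.14.x and 1.14.x).
WITHDRAWN = {(2, 14), (1, 14)}


def parse_version(text):
    """'2.9.0' -> (2, 9, 0); numeric compare, so 2.9.0 sorts below 2.15.0."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '1.18' to (1, 18, 0)


def assess(model, bios_version):
    """Classify one host from its model string and reported BIOS version."""
    key = model.upper().replace("POWEREDGE", "").strip()
    if key not in FLOOR:
        return "not-listed"  # the advisory says its table may not be comprehensive
    try:
        current = parse_version(bios_version)
    except ValueError:
        return "unparseable"
    if current >= parse_version(FLOOR[key]):
        return "fixed"
    return "affected-withdrawn-release" if current[:2] in WITHDRAWN else "affected"


def needs_update(inventory):
    """Return (host, status) for every host that is affected or unreadable."""
    flagged = []
    for host, model, version in inventory:
        status = assess(model, version)
        if status.startswith("affected") or status == "unparseable":
            flagged.append((host, status))
    return flagged


# Constructed sample inventory: (host, product name, BIOS version).
INVENTORY = [("web-01", "PowerEdge R730xd", "2.9.0"), ("db-02", "PowerEdge R830", "1.15.0"),
             ("gpu-03", "PowerEdge XE8545", "2.6.5"), ("app-04", "PowerEdge R630", "2.14.1")]
```

Hosts reported as `not-listed` still need a manual look, since the CVE description also names Precision 7910 and 7920 Rack systems that the table does not cover.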
Revision History
| Revision | Date | Description | |
| 1.0 | 2022-03-31 | Initial release | |
| 1.1 | 2022-05-31 | Updated "Affected Products and Remediation" section | |
| 1.2 | 2022-06-20 | Updated Target Release Dates | |
| 1.3 | 2022-07-27 | | |
| 1.4 | 2022-08-04 | Updated CVE Description. | |
| 1.5 | 2022-08-22 | Added PowerEdge XE8545 to "Affected Products and Remediation" section. | |
| 1.6 | 2022-09-28 | | |
Acknowledgements
Dell would like to thank yngweijw for reporting this issue.
Affected Products
PowerEdge, PowerEdge C4130, PowerEdge C6320, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630, PowerEdge R6415, PowerEdge R730, PowerEdge R730xd, PowerEdge R7415, PowerEdge R7425, PowerEdge R830, PowerEdge T430, PowerEdge T630, PowerEdge XE2420, PowerEdge XE8545, Product Security Information
...
Article Properties
Article Number: 000197971
Article Type: Dell Security Advisory
Last Modified: 28 Sep 2022