DSA-2023-076 Dell Precision 7910 and 7920 Rack Security Update for BIOS Vulnerabilities
Summary: Dell Precision 7910 and 7920 Rack BIOS remediations are available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Acest articol se aplică pentru
Acest articol nu se aplică pentru
Acest articol nu este legat de un produs specific.
Acest articol nu acoperă toate versiunile de produs existente.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
Produse afectate și măsuri de remediere
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
Soluții alternative și strategii de atenuare
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2023-03-14 | Initial Release |
Acknowledgements
Dell Technologies would like to thank Yngwei for reporting CVE-2022-34377 and CVE-2022-34376.
Related Information
Exonerare de răspundere
Produse afectate
Precision 7920 Rack, Precision Rack 7910, Product Security InformationProprietăți articol
Article Number: 000209466
Article Type: Dell Security Advisory
Ultima modificare: 14 Mar 2023
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.