跳转至主要内容
退出

欢迎访问戴尔

我的帐户
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表
  • 使用“Company Administration”(公司管理),管理Dell EMC站点、产品和产品级联系人。
登录 创建帐户 登录Premier 合作伙伴计划登录
联系我们

您的 Dell.com 购物车

文章编号: 000197057

DSA-2022-053: Dell Client Platform Security Update for Multiple SMM Vulnerabilities

摘要: Dell Client Consumer and Commercial platform remediation is available for multiple SMM vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. ...

文章内容

影响

High

详情

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product BIOS Update Version BIOS Release Date
 (MM/DD/YYYY)
Alienware 13 R3 1.16.1 02/22/2022
Alienware 15 R3 1.16.1 02/22/2022
Alienware 15 R4 1.17.0 02/17/2022
Alienware 17 R4 1.16.1 02/22/2022
Alienware 17 R5 1.17.0 02/17/2022
Alienware Area 51m R1 1.18.0 02/17/2022
Alienware Area 51m R2 1.13.0 02/17/2022
Alienware Aurora R8 1.0.20 02/21/2022
Alienware m15 R2 1.12.0 02/17/2022
Alienware m15 R3 1.14.0 02/17/2022
Alienware m15 R4 1.8.0 02/17/2022
Alienware m17 R2 1.12.0 02/17/2022
Alienware m17 R3 1.14.0 02/17/2022
Alienware m17 R4 1.8.0 02/17/2022
Alienware x15 R1 1.7.0 02/21/2022
Alienware x17 R1 1.7.0 02/21/2022
Dell Edge Gateway 3000 Series 1.7.0 02/17/2022
Dell Edge Gateway 5000/5100 1.17.0 02/17/2022
Dell Embedded Box PC 3000 1.13.0 02/22/2022
Dell Embedded Box PC 5000 1.14.0 02/14/2022
Inspiron 14 3473 1.14.0 02/17/2022
Inspiron 15 3573 1.14.0 02/17/2022
Inspiron 15 5566 1.18.0 02/21/2022
Inspiron 3277 1.19.0 02/21/2022
Inspiron 3465 1.12.0 02/25/2022
Inspiron 3477 1.19.0 02/21/2022
Inspiron 3482 1.13.0 02/17/2022
Inspiron 3502 1.7.0 02/17/2022
Inspiron 3510 1.6.0 02/17/2022
Inspiron 3565 1.12.0 02/25/2022
Inspiron 3582 1.13.0 02/17/2022
Inspiron 3782 1.13.0 02/17/2022
Latitude 3379 1.0.34 02/22/2022
Vostro 14 5468 1.19.0 02/22/2022
Vostro 15 5568 1.19.0 02/22/2022
Vostro 3267 1.20.0 02/15/2022
Vostro 3268 1.20.0 02/15/2022
Vostro 3572 1.14.0 02/17/2022
Vostro 3582 1.13.0 02/17/2022
Vostro 3660 1.20.0 02/15/2022
Vostro 3667 1.20.0 02/15/2022
Vostro 3668 1.20.0 02/15/2022
Vostro 3669 1.20.0 02/15/2022
Wyse 7040 Thin Client 1.15.0 02/16/2022
XPS 8930 1.1.21 02/21/2022
Product BIOS Update Version BIOS Release Date
 (MM/DD/YYYY)
Alienware 13 R3 1.16.1 02/22/2022
Alienware 15 R3 1.16.1 02/22/2022
Alienware 15 R4 1.17.0 02/17/2022
Alienware 17 R4 1.16.1 02/22/2022
Alienware 17 R5 1.17.0 02/17/2022
Alienware Area 51m R1 1.18.0 02/17/2022
Alienware Area 51m R2 1.13.0 02/17/2022
Alienware Aurora R8 1.0.20 02/21/2022
Alienware m15 R2 1.12.0 02/17/2022
Alienware m15 R3 1.14.0 02/17/2022
Alienware m15 R4 1.8.0 02/17/2022
Alienware m17 R2 1.12.0 02/17/2022
Alienware m17 R3 1.14.0 02/17/2022
Alienware m17 R4 1.8.0 02/17/2022
Alienware x15 R1 1.7.0 02/21/2022
Alienware x17 R1 1.7.0 02/21/2022
Dell Edge Gateway 3000 Series 1.7.0 02/17/2022
Dell Edge Gateway 5000/5100 1.17.0 02/17/2022
Dell Embedded Box PC 3000 1.13.0 02/22/2022
Dell Embedded Box PC 5000 1.14.0 02/14/2022
Inspiron 14 3473 1.14.0 02/17/2022
Inspiron 15 3573 1.14.0 02/17/2022
Inspiron 15 5566 1.18.0 02/21/2022
Inspiron 3277 1.19.0 02/21/2022
Inspiron 3465 1.12.0 02/25/2022
Inspiron 3477 1.19.0 02/21/2022
Inspiron 3482 1.13.0 02/17/2022
Inspiron 3502 1.7.0 02/17/2022
Inspiron 3510 1.6.0 02/17/2022
Inspiron 3565 1.12.0 02/25/2022
Inspiron 3582 1.13.0 02/17/2022
Inspiron 3782 1.13.0 02/17/2022
Latitude 3379 1.0.34 02/22/2022
Vostro 14 5468 1.19.0 02/22/2022
Vostro 15 5568 1.19.0 02/22/2022
Vostro 3267 1.20.0 02/15/2022
Vostro 3268 1.20.0 02/15/2022
Vostro 3572 1.14.0 02/17/2022
Vostro 3582 1.13.0 02/17/2022
Vostro 3660 1.20.0 02/15/2022
Vostro 3667 1.20.0 02/15/2022
Vostro 3668 1.20.0 02/15/2022
Vostro 3669 1.20.0 02/15/2022
Wyse 7040 Thin Client 1.15.0 02/16/2022
XPS 8930 1.1.21 02/21/2022

确认

Dell would like to thank JiaWei Yin (yngweijw) for reporting CVE-2022-24415 and CVE-2022-24416 and Binarly efiXplorer Team for reporting CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421.

修订历史记录

RevisionDateDescription
1.02022/03/10Initial Release

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律信息

文章属性

受影响的产品

Product Security Information

上次发布日期

10 3月 2022

版本

1

文章类型

Dell Security Advisory

返回页首