DSA-2023-076 Dell Precision 7910 and 7920 Rack Security Update for BIOS Vulnerabilities
摘要: Dell Precision 7910 and 7920 Rack BIOS remediations are available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
High
詳細資料
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
受影響的產品與補救措施
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
因應措施與緩解措施
None.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2023-03-14 | Initial Release |
感謝
Dell Technologies would like to thank Yngwei for reporting CVE-2022-34377 and CVE-2022-34376.
相關資訊
法律免責聲明
受影響的產品
Precision 7920 Rack, Precision Rack 7910, Product Security Information文章屬性
文章編號: 000209466
文章類型: Dell Security Advisory
上次修改時間: 14 3月 2023
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。