CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Artikkelin sisältö

Vaikutus

High

Tiedot

Proprietary Code CVEs

Description

CVSSBase Score

CVSS Vector String

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

Proprietary Code CVEs

Description

CVSSBase Score

CVSS Vector String

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

Product

Affected Versions

Updated Versions or later

Link to Update

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

• From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
• If it is set to Enabled or software controlled, then the SGX function is enabled.

Product

Affected Versions

Updated Versions or later

Link to Update

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

Note:
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

• From the BIOS - Systems Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
• If it is set to Enabled or software controlled, then the SGX function is enabled.

Kiitokset

CVE-2022-34377,CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.

Versiohistoria

Revision

Date

Description

1.0

2022-12-15

Initial release

1.1

2023-02-10

Add PowerVault NX models.

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Artikkelin ominaisuudet

Tuote, johon asia vaikuttaa

DSS 8440, PowerEdge XR2, PowerEdge C4130, PowerEdge C4140, PowerEdge C6320, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, PowerEdge FC430, PowerEdge FC630, PowerEdge FC640, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX) , PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740c, PowerEdge MX750c, PowerEdge MX840c, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740xd, PowerEdge R740xd2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750xa, PowerEdge R750xs, PowerEdge R7515, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T140, PowerEdge T150, PowerEdge T330, PowerEdge T340, PowerEdge T350, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerVault NX3000, PowerVault NX3100, PowerVault NX3200, PowerVault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, Product Security Information …

Edellinen julkaisupäivä

10 helmik. 2023

Versio

2

Artikkelin tyyppi

Dell Security Advisory