CVE-2022-34400: DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.


Article Number: 000205716

DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities

Summary: Dell Client Consumer platform remediation is available for multiple Dell BIOS vulnerabilities that may be exploited by malicious users to compromise the affected systems.

Article Content

Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-34403 | Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated attacker may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34400 | Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges may potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | BIOS Update Version | BIOS Release Date |
| --- | --- | --- |
| Alienware m15 R6 | 1.17.0 | 10-19-2022 |
| Alienware m15 R7 | 1.4.3 | 09-29-2022 |
| Alienware m15 Ryzen Edition R5 | 1.8.0 | 10-26-2022 |
| Alienware m17 R5 AMD | 1.4.3 | 09-29-2022 |
| Dell G15 5510 | 1.16.0 | 10-11-2022 |
| Dell G15 5511 | 1.18.0 | 10-11-2022 |
| Dell G15 5515 | 1.8.0 | 10-26-2022 |
| Dell G15 5525 | 1.4.3 | 09-29-2022 |
| Dell G5 SE 5505 | 1.13.0 | 11-08-2022 |
| Inspiron 14 5410 2-in-1 | 2.15.2 | 11-15-2022 |
| Inspiron 15 3511 | 1.18.2 | 11-21-2022 |
| Inspiron 3195 2-in-1 | 1.6.0 | 10-26-2022 |
| Inspiron 3275 | 1.9.2 | 10-05-2022 |
| Inspiron 3475 | 1.9.2 | 10-05-2022 |
| Inspiron 3505 | 1.9.0 | 10-11-2022 |
| Inspiron 3515 | 1.9.0 | 10-11-2022 |
| Inspiron 3525 | 1.5.0 | 10-13-2022 |
| Inspiron 3585 | 1.10.0 | 10-26-2022 |
| Inspiron 3595 | 1.5.0 | 10-26-2022 |
| Inspiron 3785 | 1.10.0 | 10-26-2022 |
| Inspiron 3891 | 1.12.0 | 10-17-2022 |
| Inspiron 5310 | 2.15.0 | 10-11-2022 |
| Inspiron 5405 | 1.9.0 | 11-08-2022 |
| Inspiron 5410 | 2.14.0 | 10-07-2022 |
| Inspiron 5415 | 1.13.0 | 11-08-2022 |
| Inspiron 5425 | 1.5.0 | 10-11-2022 |
| Inspiron 5485 | 2.11.0 | 10-26-2022 |
| Inspiron 5485 2-in-1 | 2.11.0 | 10-26-2022 |
| Inspiron 5505 | 1.9.0 | 11-08-2022 |
| Inspiron 5510 | 2.15.2 | 11-15-2022 |
| Inspiron 5515 | 1.13.0 | 11-08-2022 |
| Inspiron 5585 | 2.11.0 | 10-26-2022 |
| Inspiron 7405 2-in-1 | 1.10.1 | 12-01-2022 |
| Inspiron 7415 | 1.13.0 | 11-09-2022 |
| Inspiron 7425 | 1.5.0 | 10-11-2022 |
| Inspiron 7510 | 1.12.0 | 10-12-2022 |
| Inspiron 7610 | 1.12.0 | 10-12-2022 |
| Latitude 3320 | 1.18.2 | 11-15-2022 |
| Latitude 3420 | 1.23.2 | 11-07-2022 |
| Latitude 3520 | 1.23.2 | 11-07-2022 |
| Latitude 5320 | 1.24.3 | 11-16-2022 |
| Latitude 5420 | 1.22.0 | 10-17-2022 |
| Latitude 5520 | 1.24.3 | 11-16-2022 |
| Latitude 5521 | 1.17.3 | 11-16-2022 |
| Latitude 7320 | 1.20.0 | 10-17-2022 |
| Latitude 7320 Detachable | 1.17.2 | 11-22-2022 |
| Latitude 7420 | 1.20.0 | 10-17-2022 |
| Latitude 7520 | 1.20.0 | 10-17-2022 |
| Latitude 9420 | 1.16.2 | 11-22-2022 |
| Latitude 9520 | 1.17.0 | 10-17-2022 |
| Latitude Rugged 5430 | 1.12.0 | 10-11-2022 |
| Latitude Rugged 7330 | 1.12.0 | 10-11-2022 |
| Latitude 5421 | 1.15.0 | 10-17-2022 |
| OptiPlex 3090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 5090 | 1.12.0 | 10-17-2022 |
| OptiPlex 5490 All-In-One | 1.15.0 | 10-11-2022 |
| OptiPlex 7090 Tower | 1.12.0 | 10-11-2022 |
| OptiPlex 7090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 7490 AIO | 1.15.0 | 10-11-2022 |
| Precision 3450 | 1.12.0 | 10-11-2022 |
| Precision 3560 | 1.24.3 | 11-16-2022 |
| Precision 3561 | 1.17.3 | 11-16-2022 |
| Precision 3650 Tower | 1.16.0 | 10-11-2022 |
| Precision 5560 | 1.15.2 | 11-21-2022 |
| Precision 5760 | 1.15.2 | 11-16-2022 |
| Precision 7560 | 1.16.0 | 10-14-2022 |
| Precision 7760 | 1.16.0 | 10-14-2022 |
| Vostro 3405 | 1.9.0 | 10-11-2022 |
| Vostro 3425 | 1.5.0 | 10-13-2022 |
| Vostro 3510 | 1.18.2 | 11-21-2022 |
| Vostro 3515 | 1.9.0 | 10-11-2022 |
| Vostro 3525 | 1.5.0 | 10-13-2022 |
| Vostro 3690 | 1.12.0 | 10-17-2022 |
| Vostro 3890 | 1.12.0 | 10-17-2022 |
| Vostro 5310 | 2.15.0 | 10-11-2022 |
| Vostro 5410 | 2.15.2 | 11-15-2022 |
| Vostro 5415 | 1.13.0 | 11-08-2022 |
| Vostro 5510 | 2.15.2 | 11-15-2022 |
| Vostro 5515 | 1.13.0 | 11-08-2022 |
| Vostro 5625 | 1.5.0 | 10-11-2022 |
| Vostro 5890 | 1.12.0 | 10-11-2022 |
| Vostro 7510 | 1.12.0 | 10-12-2022 |
| XPS 15 9510 | 1.15.2 | 11-21-2022 |
| XPS 17 9710 | 1.15.2 | 11-14-2022 |

Acknowledgements

CVE-2022-34400, CVE-2022-34403: Dell Technologies would like to thank Cederic Laumen (@ling_sec) for reporting this issue.

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-12-15 | Initial Release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Article Properties

Affected Product

Dell G15 5510, Dell G15 5511, Dell G15 5515 Ryzen Edition, Dell G15 5525, Inspiron 3195 2-in-1, Inspiron 5405, Inspiron 14 5410 2-in-1, Inspiron 5415, Inspiron 7405 2-in-1, Inspiron 3505, Inspiron 15 3511, Inspiron 3585, Inspiron 3595, Inspiron 5505 , Inspiron 5515, Inspiron 3785, Inspiron 3275, Inspiron 3475, Inspiron 3891, Inspiron 531s, Inspiron 5425 (End of Life), Latitude 3320, Latitude 5320, Latitude 7320, Latitude 7320 Detachable, Latitude 7330 Rugged Extreme, Latitude 3420, Latitude 5421, Latitude 5430 Rugged, Latitude 7420, Latitude 7424 Rugged Extreme, Latitude 9420, Latitude 3520, Latitude 5520, Latitude 5521, Latitude 9520, Latitude 5420, OptiPlex 3090 Ultra, OptiPlex 5090, OptiPlex 5490 All-In-One, OptiPlex 7090 Ultra, OptiPlex 7490 All-In-One, Precision 3540, Precision 3560, Precision 3561, Precision 5560, Precision 7560, Precision 5760, Precision 7760, Precision 3650 Tower, Product Security Information, Vostro 3405, Vostro 3425, Vostro 3525, Vostro 5625, Vostro 3690, Vostro 5890, XPS 15 9510 …

Last Published Date

16 Dec 2022

Version

1

Article Type

Dell Security Advisory
