DSA-2022-175: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
VMSA-2022-0016 See workaround and mitigation table below
CVE-2022-21125
CVE-2022-21166
SUSE
CVE-2017-17087
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3903
CVE-2021-3875
CVE-2021-3927
CVE-2021-3928
CVE-2021-3968
CVE-2021-3973
CVE-2021-3974
CVE-2021-3984
CVE-2021-4019
CVE-2021-4069
CVE-2021-4136
CVE-2021-4166
CVE-2021-4192
CVE-2021-4193
CVE-2021-43565
CVE-2021-46059
CVE-2022-0128
CVE-2022-0213
CVE-2022-0261
CVE-2022-0318
CVE-2022-0319
CVE-2022-0351
CVE-2022-0359
CVE-2022-0361
CVE-2022-0392
CVE-2022-0407
CVE-2022-0413
CVE-2022-0561
CVE-2022-0562
CVE-2022-0696
CVE-2022-0865
CVE-2022-0891
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924
CVE-2022-1056
CVE-2022-1271
CVE-2022-1304
CVE-2022-1381
CVE-2022-1420
CVE-2022-1552
CVE-2022-1616
CVE-2022-1619
CVE-2022-1620
CVE-2022-1733
CVE-2022-1735
CVE-2022-1771
CVE-2022-1785
CVE-2022-1796
CVE-2022-1851
CVE-2022-1897
CVE-2022-1898
CVE-2022-1927
CVE-2022-23308
CVE-2022-23648
CVE-2022-24769
CVE-2022-24903
CVE-2022-27191
CVE-2022-27781
CVE-2022-27782
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
CVE-2022-29155
CVE-2022-29824
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products & Remediation
| Product | Affected Versions | Updated Versions |
| --- | --- | --- |
| Dell VxRail Appliance | 7.0.x versions before 7.0.372 | 7.0.372 (See NOTE in Workaround and Mitigation section.) |
Workarounds & Mitigations
NOTE: STIG hardening version 2.0.001 resolves the VMware issue described in VMware article 88055, which blocked STIG hardening of VxRail 7.0.370 and later. Also, if STIG hardening version 2.0.000 or earlier was applied to a VxRail cluster version 7.0.360 or earlier, STIG hardening version 2.0.001 must be applied before upgrading to VxRail 7.0.370 and later.
CAUTION: If running a STIG hardened VxRail version 7.0.370 or later, view Dell article 23137, Dell VxRail: Security Technical Implementation Guide on VxRail. Follow the steps seen in the "Known issues" section of the VxRail STIG Hardening Guide. However, if you have already removed the VMware ESXi STIG VIB, you can disregard this caution.
VMware ESXi (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166): See VMware notice VMSA-2022-0016. See VMware article KB 88632 for mitigation instructions.
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-07-08 | Initial Release |
| 1.1 | 2022-07-27 | Added NOTE regarding VMware issue |
| 1.2 | 2022-08-16 | Edited NOTE in Workaround and Mitigations section regarding STIG package |