Article Number: 000201003

DSA-2022-174: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-party Component		CVEs	More Information
Spring Security		CVE-2022-22978
VMware vCenter Server		CVE-2022-22982	VMSA-2022-0018
VMware ESXi		CVE-2022-21123	See VMware article: VMSA-2022-0016 . See workaround and mitigation table below.
		CVE-2022-21125
		CVE-2022-21166
Dell PowerEdge	BIOS	CVE-2020-12966	See Dell article 194002, DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability for more details
	AMD	CVE-2021-26373	See Dell article 199269, DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities for more details
		CVE-2021-26347
		CVE-2021-26376
		CVE-2021-26375
		CVE-2021-26378
		CVE-2021-26372
		CVE-2021-26348
		CVE-2021-26342
		CVE-2021-26388
		CVE-2021-26349
		CVE-2021-26364
		CVE-2021-26312
		CVE-2021-26350
		CVE-2021-26339
	EDK2	CVE-2019-14584	See Dell article 198065, DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities for more details
		CVE-2021-28210
		CVE-2021-28211
	Intel	CVE-2021-0060	See Intel article Intel-SA-00470 for more details.
		CVE-2021-0147	See Intel article Intel-SA-00470 for more details.
		CVE-2021-0127	See Intel article Intel-SA-00532 for more details.
		CVE-2021-0092	Seen Intel article Intel-SA-00527 for more details
		CVE-2021-0093
		CVE-2021-0099
		CVE-2021-0107
		CVE-2021-0111
		CVE-2021-0114
		CVE-2021-0115
		CVE-2021-0116
		CVE-2021-0117
		CVE-2021-0118
		CVE-2021-0119
		CVE-2021-0124
		CVE-2021-0125
iDRAC8		CVE-2022-0778	See Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability for more details
		CVE-2022-24423	See Dell article 198064, DSA-2022-069: Dell iDRAC8 Security Update for a Denial of Service Vulnerability for more details
		CVE-2021-36346	See Dell article 194038, DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities for more details
SUSE		CVE-2017-16932
		CVE-2018-25032
		CVE-2018-7755
		CVE-2019-20811
		CVE-2020-25721
		CVE-2020-28097
		CVE-2020-29361
		CVE-2021-0561
		CVE-2021-20292
		CVE-2021-20316
		CVE-2021-20321
		CVE-2021-25220
		CVE-2021-28153
		CVE-2021-3448
		CVE-2021-3564
		CVE-2021-3800
		CVE-2021-38208
		CVE-2021-39648
		CVE-2021-39657
		CVE-2021-39713
		CVE-2021-3999
		CVE-2021-4083
		CVE-2021-4135
		CVE-2021-4149
		CVE-2021-4189
		CVE-2021-4197
		CVE-2021-4202
		CVE-2021-43389
		CVE-2021-43566
		CVE-2021-44141
		CVE-2021-44142
		CVE-2021-44733
		CVE-2021-44879
		CVE-2021-45095
		CVE-2021-45417
		CVE-2021-45868
		CVE-2022-0001
		CVE-2022-0002
		CVE-2022-0322
		CVE-2022-0330
		CVE-2022-0336
		CVE-2022-0391
		CVE-2022-0435
		CVE-2022-0487
		CVE-2022-0492
		CVE-2022-0617
		CVE-2022-0644
		CVE-2022-0778
		CVE-2022-0812
		CVE-2022-0847
		CVE-2022-0850
		CVE-2022-0934
		CVE-2022-1011
		CVE-2022-1016
		CVE-2022-1048
		CVE-2022-1097
		CVE-2022-1271
		CVE-2022-1280
		CVE-2022-1304
		CVE-2022-1353
		CVE-2022-1419
		CVE-2022-1516
		CVE-2022-1552
		CVE-2022-21248
CVE-2022-21277
CVE-2022-21282
CVE-2022-21283
CVE-2022-21291
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21349
CVE-2022-21360
CVE-2022-21365
CVE-2022-21366
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-22576
CVE-2022-22942
CVE-2022-23036
CVE-2022-23037
CVE-2022-23038
CVE-2022-23039
CVE-2022-23040
CVE-2022-23041
CVE-2022-23042
CVE-2022-23181
CVE-2022-23218
CVE-2022-23219
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
CVE-2022-23308
CVE-2022-23960
CVE-2022-24407
CVE-2022-24448
CVE-2022-24959
CVE-2022-25308
CVE-2022-25309
CVE-2022-25310
CVE-2022-26490
CVE-2022-26966
CVE-2022-27666
CVE-2022-27776
CVE-2022-27781
CVE-2022-27782
CVE-2022-28356
CVE-2022-28388
CVE-2022-28389
CVE-2022-28390
CVE-2022-28748
CVE-2022-29155
CVE-2022-29824

Third-party Component		CVEs	More Information
Spring Security		CVE-2022-22978
VMware vCenter Server		CVE-2022-22982	VMSA-2022-0018
VMware ESXi		CVE-2022-21123	See VMware article: VMSA-2022-0016 . See workaround and mitigation table below.
		CVE-2022-21125
		CVE-2022-21166
Dell PowerEdge	BIOS	CVE-2020-12966	See Dell article 194002, DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability for more details
	AMD	CVE-2021-26373	See Dell article 199269, DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities for more details
		CVE-2021-26347
		CVE-2021-26376
		CVE-2021-26375
		CVE-2021-26378
		CVE-2021-26372
		CVE-2021-26348
		CVE-2021-26342
		CVE-2021-26388
		CVE-2021-26349
		CVE-2021-26364
		CVE-2021-26312
		CVE-2021-26350
		CVE-2021-26339
	EDK2	CVE-2019-14584	See Dell article 198065, DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities for more details
		CVE-2021-28210
		CVE-2021-28211
	Intel	CVE-2021-0060	See Intel article Intel-SA-00470 for more details.
		CVE-2021-0147	See Intel article Intel-SA-00470 for more details.
		CVE-2021-0127	See Intel article Intel-SA-00532 for more details.
		CVE-2021-0092	Seen Intel article Intel-SA-00527 for more details
		CVE-2021-0093
		CVE-2021-0099
		CVE-2021-0107
		CVE-2021-0111
		CVE-2021-0114
		CVE-2021-0115
		CVE-2021-0116
		CVE-2021-0117
		CVE-2021-0118
		CVE-2021-0119
		CVE-2021-0124
		CVE-2021-0125
iDRAC8		CVE-2022-0778	See Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability for more details
		CVE-2022-24423	See Dell article 198064, DSA-2022-069: Dell iDRAC8 Security Update for a Denial of Service Vulnerability for more details
		CVE-2021-36346	See Dell article 194038, DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities for more details
SUSE		CVE-2017-16932
		CVE-2018-25032
		CVE-2018-7755
		CVE-2019-20811
		CVE-2020-25721
		CVE-2020-28097
		CVE-2020-29361
		CVE-2021-0561
		CVE-2021-20292
		CVE-2021-20316
		CVE-2021-20321
		CVE-2021-25220
		CVE-2021-28153
		CVE-2021-3448
		CVE-2021-3564
		CVE-2021-3800
		CVE-2021-38208
		CVE-2021-39648
		CVE-2021-39657
		CVE-2021-39713
		CVE-2021-3999
		CVE-2021-4083
		CVE-2021-4135
		CVE-2021-4149
		CVE-2021-4189
		CVE-2021-4197
		CVE-2021-4202
		CVE-2021-43389
		CVE-2021-43566
		CVE-2021-44141
		CVE-2021-44142
		CVE-2021-44733
		CVE-2021-44879
		CVE-2021-45095
		CVE-2021-45417
		CVE-2021-45868
		CVE-2022-0001
		CVE-2022-0002
		CVE-2022-0322
		CVE-2022-0330
		CVE-2022-0336
		CVE-2022-0391
		CVE-2022-0435
		CVE-2022-0487
		CVE-2022-0492
		CVE-2022-0617
		CVE-2022-0644
		CVE-2022-0778
		CVE-2022-0812
		CVE-2022-0847
		CVE-2022-0850
		CVE-2022-0934
		CVE-2022-1011
		CVE-2022-1016
		CVE-2022-1048
		CVE-2022-1097
		CVE-2022-1271
		CVE-2022-1280
		CVE-2022-1304
		CVE-2022-1353
		CVE-2022-1419
		CVE-2022-1516
		CVE-2022-1552
		CVE-2022-21248
CVE-2022-21277
CVE-2022-21282
CVE-2022-21283
CVE-2022-21291
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21349
CVE-2022-21360
CVE-2022-21365
CVE-2022-21366
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-22576
CVE-2022-22942
CVE-2022-23036
CVE-2022-23037
CVE-2022-23038
CVE-2022-23039
CVE-2022-23040
CVE-2022-23041
CVE-2022-23042
CVE-2022-23181
CVE-2022-23218
CVE-2022-23219
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
CVE-2022-23308
CVE-2022-23960
CVE-2022-24407
CVE-2022-24448
CVE-2022-24959
CVE-2022-25308
CVE-2022-25309
CVE-2022-25310
CVE-2022-26490
CVE-2022-26966
CVE-2022-27666
CVE-2022-27776
CVE-2022-27781
CVE-2022-27782
CVE-2022-28356
CVE-2022-28388
CVE-2022-28389
CVE-2022-28390
CVE-2022-28748
CVE-2022-29155
CVE-2022-29824

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Versions	Updated Versions
Dell VxRail Appliance	4.7.x versions before 4.7.550	4.7.550

Product	Affected Versions	Updated Versions
Dell VxRail Appliance	4.7.x versions before 4.7.550	4.7.550

Workarounds and Mitigations

VMware ESXi	CVE-2022-21123	See VMware article VMSA-2022-0016 . See VMware article KB 88632 for mitigation instructions.
	CVE-2022-21125
	CVE-2022-21166

Revision History

Revision	Date	Description
1.0	2022-06-28	Initial Release
1.1	2022-07-12	Added CVE-2021-36346
1.2	2022-07-14	Added CVE-2022-22982

Related Information

Legal Information

Article Properties

Affected Product

VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series , VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VXRAIL P670F, VxRail P670N, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF, VXRAIL V670F ...

Last Published Date

20 Jun 2023

Article Type

Dell Security Advisory

Welcome

Welcome to Dell