DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability
Summary: Dell PowerEdge remediation is available for an improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper SMM communication buffer verification vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406, CVE-2022-34407, CVE-2022-34408, CVE-2022-34409, CVE-2022-34410, CVE-2022-34411, CVE-2022-34412, CVE-2022-34413, CVE-2022-34414, CVE-2022-34415, CVE-2022-34416, CVE-2022-34417, CVE-2022-34418, CVE-2022-34419, CVE-2022-34420, CVE-2022-34421, CVE-2022-34422, CVE-2022-34423 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper SMM communication buffer verification vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.
Note: Customers who have the SGX function enabled on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12 should not roll back the BIOS to older versions. An issue discovered in Intel microcode may cause TCB recovery to fail and the system to stop responding. By default, the SGX function is disabled. To determine whether the SGX function is enabled:
From the BIOS System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSI) > System Options > Processor Options > Intel Software Guard Extensions (SGX) and press Enter.
If it is set to Enabled or software controlled, the SGX function is enabled.
Revision history

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-12-15 | Initial release |
| 1.1 | 2023-02-10 | Add PowerVault NX models. |
| 1.2 | 2023-03-14 | Updated CVE descriptions |
Acknowledgements
CVE-2022-34377, CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.