CVE-2022-22558

Published: Apr 21, 2022Modified: Nov 21, 2024

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability: 0.8 / Impact: 5.2

Source: NVD

Description

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

Affected (20)

Products: Dell: R6415 Firmware, R7415 Firmware, R7425 Firmware, R730 Firmware, R730xd Firmware, R630 Firmware, C4130 Firmware, M630 Firmware, M630p Firmware, Fc630 Firmware, Fc430 Firmware, M830 Firmware, M830p Firmware, Fc830 Firmware, T630 Firmware, R530 Firmware, R430 Firmware, T430 Firmware, R830 Firmware, C6320 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R6415 Firmware	Before 1.18.0

Running on/with	Platform Versions
Dell R6415	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R7415 Firmware	Before 1.18.0

Running on/with	Platform Versions
Dell R7415	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R7425 Firmware	Before 1.18.0

Running on/with	Platform Versions
Dell R7425	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R730 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell R730	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R730xd Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell R730xd	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R630 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell R630	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell C4130 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell C4130	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell M630 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell M630	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell M630p Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell M630p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Fc630 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell Fc630	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Fc430 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell Fc430	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell M830 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell M830	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell M830p Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell M830p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Fc830 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell Fc830	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell T630 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell T630	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R530 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell R530	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R430 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell R430	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell T430 Firmware	Before 2.14.0

Running on/with	Platform Versions
Dell T430	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell R830 Firmware	Before 1.14.0

Running on/with	Platform Versions
Dell R830	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell C6320 Firmware	Before 2.14.1

Running on/with	Platform Versions
Dell C6320	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.dell.com/support/kbdoc/000197971

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000197971

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.