CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

CVSS v3.0 6.0 MEDIUM
CVSS v2.0 3.6 LOW

6.0^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/kbdoc/000197971	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:r6415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6415:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:r7415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7415:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:r7425_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7425:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:r730_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:r730xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730xd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:r630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r630:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:c4130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c4130:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:m630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:m630p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:fc630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc630:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:fc430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc430:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:m830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:m830p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:fc830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc830:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:t630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t630:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dell:r530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r530:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dell:r430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r430:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dell:t430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t430:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dell:r830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r830:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dell:c6320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6320:-:*:*:*:*:*:*:*

Information

Published : 2022-04-21 14:15

Updated : 2022-09-01 12:15

NVD link : CVE-2022-22558

Mitre link : CVE-2022-22558

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

dell

r530_firmware
r430
m830
fc830_firmware
r530
c6320_firmware
r7425_firmware
c4130_firmware
m830p
r730xd_firmware
r6415_firmware
fc630_firmware
t430
r430_firmware
m630p_firmware
c4130
t630
fc430
r7415_firmware
m630
r6415
t630_firmware
r730xd
m830_firmware
r630
m630p
c6320
fc830
fc630
r730_firmware
r830_firmware
r730
fc430_firmware
r630_firmware
r830
r7425
r7415
m630_firmware
m830p_firmware
t430_firmware

6.0 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-22558

6.0^/10

3.6^/10

Attach tags to `CVE-2022-22558`