SB2022092804 - Multiple vulnerabilities in Dell PowerEdge Server
Published: September 28, 2022
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2021-26348)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force the IO device into writing data to memory it should not be able to access.
2) Resource management error (CVE-ID: CVE-2021-26342)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the CPU may fail to flush the Translation Lookaside Buffer (TLB) in SEV guest VMs. A local user can execute a particular sequence of operations that includes creation of a new virtual machine control block (VMCB) and disclose the SEV guest memory contents.
3) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can obtain and manipulate the address of a message port register and perform a denial of service attack.
4) Out-of-bounds write (CVE-ID: CVE-2021-26312)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error caused by failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force an IO device to write to memory it should not be able to access and execute arbitrary code with elevated privileges.
5) Buffer overflow (CVE-ID: CVE-2021-26364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in an SMU mailbox register. A local user can force SMU to read outside of the SRAM address range and perform a denial of service attack.
6) Security features bypass (CVE-ID: CVE-2021-26349)
The vulnerability allows an attacker to compromise the guest OS.
The vulnerability exists due to failure to assign a new report ID to an imported guest. This can result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
7) Out-of-bounds read (CVE-ID: CVE-2021-26388)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in the BIOS directory that allows for searches to read beyond the directory table copy in RAM. A local user can perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2021-26372)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2021-26378)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2021-26375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2021-26376)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the System Management Unit (SMU) FeatureConfig. A local user can re-enable certain features, which can lead to denial of service.
12) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can force the DMA (Direct Memory Access) to reference an invalid DRAM address and perform a denial of service attack.
13) Buffer overflow (CVE-ID: CVE-2021-26373)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger a system voltage malfunction and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.