Main Vulnerability Database SB2023022350

SB2023022350 - Dell client platform security update Intel firmware

Published: February 23, 2023

Security Bulletin ID SB2023022350

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 vulnerabilities.

1) Improper Initialization (CVE-ID: CVE-2022-32231)

CWE-ID: CWE-665 - Improper Initialization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

2) Improper Initialization (CVE-ID: CVE-2022-30704)

CWE-ID: CWE-665 - Improper Initialization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the Intel(R) TXT SINIT ACM. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

3) Improper access control (CVE-ID: CVE-2022-26343)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in the BIOS firmware. A local privileged user can execute arbitrary code with elevated privileges.

4) Improper isolation or compartmentalization (CVE-ID: CVE-2022-38090)

CWE-ID: CWE-653 - Improper isolation or compartmentalization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper isolation of shared resources in some Intel processors when using Intel Software Guard Extensions. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000208395/dsa-2023-049-dell-client-platform-security-update-for-multiple-intel-2023-1-ipu-vulnerabilities

Vulnerable Software

XPS 13 9305: before 1.11.0
Dell G3 15 (3590): before 1.20.0
Dell G5 15 (5500): before 1.22.2
XPS 13 (9380): before 1.23.1
XPS 8950: before 1.10.0
XPS 8940: before 2.11.0
XPS 8930: before 1.1.28
XPS 17 9720: before 1.14.0
XPS 17 9710: before 1.17.0
XPS 15 9575 2-in-1: before 1.25.0
XPS 15 9520: before 1.10.0
XPS 15 9510: before 1.17.0
XPS 15 9500: before 1.20.0
XPS 15 7590: before 1.20.0
XPS 13 9320: before 1.11.0
XPS 13 9315 2-in-1: before 1.5.0
XPS 13 9315: before 1.8.0
XPS 13 9310 2-in-1: before 2.15.0
XPS 13 9310: before 3.12.1
XPS 13 9300: before 1.16.0
XPS 13 7390 2-in-1: before 1.21.0
XPS 13 7390: before 1.19.0
Wyse 5470 All-In-One: before 1.18.0
Wyse 5470: before 1.17.1
Wyse 5070: before 1.21.0
Vostro 7620: before 1.9.0
Vostro 7590: before 1.17.0
Vostro 7510: before 1.14.0
Vostro 7500: before 1.20.0
Vostro 5890: before 1.14.1
Vostro 5880: before 1.17.1
Vostro 5620: before 1.11.0
Vostro 5591: before 1.25.1
Vostro 5590: before 1.22.0
Vostro 5510: before 2.16.0
Vostro 5502: before 1.20.1
Vostro 5501: before 1.19.0
Vostro 5491: before 1.25.1
Vostro 5490: before 1.22.0
Vostro 5410: before 2.16.0
Vostro 5402: before 1.20.1
Vostro 5401: before 1.19.0
Vostro 5391: before 1.21.0
Vostro 5320: before 1.8.0
Vostro 5310: before 2.17.0
Vostro 5301: before 1.23.1
Vostro 5300: before 1.19.0
Vostro 5090: before 1.17.0
Vostro 3910: before 1.9.0
Vostro 3890: before 1.14.0
Vostro 3888: before 2.17.1
Vostro 3881: before 2.17.1
Vostro 3710: before 1.9.0
Vostro 3690: before 1.14.0
Vostro 3681: before 2.17.1
Vostro 3671: before 1.13.0
Vostro 3670: before 2.26.0
Vostro 3590: before 1.22.1
Vostro 3584: before 1.21.0
Vostro 3583: before 1.22.1
Vostro 3582: before 1.17.0
Vostro 3581: before 1.21.0
Vostro 3580: before 1.22.1
Vostro 3520: before 1.10.0
Vostro 3510: before 1.19.0
Vostro 3501: before 1.22.0
Vostro 3500: before 1.22.0
Vostro 3490: before 1.22.1
Vostro 3481: before 1.21.0
Vostro 3480: before 1.22.1
Vostro 3471: before 1.13.0
Vostro 3470: before 2.26.0
Vostro 3420: before 1.10.0
Vostro 3401: before 1.22.0
Vostro 3400: before 1.22.0
Vostro 3070: before 2.26.0
Precision 7920 Tower: before 2.29.0
Precision 7920 Rack: before 2.17.1
Precision 7820 Tower: before 2.29.0
Precision 7770: before 1.9.1
Precision 7760: before 1.19.0
Precision 7740: before 1.24.0
Precision 7730: before 1.26.0
Precision 7720: before 1.29.0
Precision 7670: before 1.9.1
Precision 7560: before 1.19.0
Precision 7540: before 1.24.0
Precision 7530: before 1.26.0
Precision 7520: before 1.29.0
Precision 5770: before 1.14.0
Precision 5760: before 1.17.0
Precision 5720 All-In-One: before 2.18.0
Precision 5570: before 1.10.0
Precision 5560: before 1.17.0
Precision 5540: before 1.20.0
Precision 5530 2-in-1: before 1.23.8
Precision 5530: before 1.30.0
Precision 5470: before 1.10.0
Precision 3930 Rack: before 2.23.0
Precision 3660: before Pending
Precision 3650 Tower: before 1.18.0
Precision 3630 Tower: before 2.18.0
Precision 3571: before 1.11.0
Precision 3570: before 1.10.0
Precision 3561: before 1.19.0
Precision 3560: before 1.25.1
Precision 3541: before 1.24.0
Precision 3540: before 1.23.0
Precision 3530: before 1.25.0
Precision 3520: before 1.29.0
Precision 3470: before 1.10.1
Precision 3460 Small Form Factor: before 2.1.0
Precision 3450: before 1.14.1
Precision 3431 Tower: before 1.17.0
Precision 3430 Tower: before 1.22.0
OptiPlex XE3: before 1.24.0
OptiPlex 7770 All-In-One: before 1.19.0
OptiPlex 7760 All-In-One: before 1.24.0
OptiPlex 7490 All-in-One: before 1.17.0
OptiPlex 7470 All-In-One: before 1.19.0
OptiPlex 7460 All-In-One: before 1.24.0
OptiPlex 7450: before 1.25.0
OptiPlex 7400: before 1.1.22
Optiplex 7090 Ultra: before 1.17.0
OptiPlex 7090: before 1.14.1
OptiPlex 7071: before 1.17.0
OptiPlex 7070 Ultra: before 1.17.1
OptiPlex 7070: before 1.20.0
OptiPlex 7060: before 1.24.0
OptiPlex 7050: before 1.24.0
OptiPlex 7000 OEM: before 1.9.0
OptiPlex 7000: before 1.9.0
OptiPlex 5490 All-In-One: before 1.17.0
OptiPlex 5400: before 1.1.22
OptiPlex 5270 All-In-One: before 1.19.0
OptiPlex 5260 All-In-One: before 1.24.0
OptiPlex 5250: before 1.25.0
OptiPlex 5090: before 1.14.1
OptiPlex 5070: before 1.20.0
OptiPlex 5060: before 1.24.0
OptiPlex 5050: before 1.24.0
OptiPlex 5000: before 1.9.0
OptiPlex 3280 All-in-One: before 1.18.1
OptiPlex 3090 Ultra: before 1.17.0
OptiPlex 3080: before 2.17.1
OptiPlex 3070: before 1.20.0
OptiPlex 3060: before 1.24.0
OptiPlex 3050 All-In-One: before 1.25.0
OptiPlex 3050: before 1.24.0
OptiPlex 3000: before 1.9.0
Latitude 5421: before 1.18.0
Latitude Rugged 7330: before 1.15.0
Latitude Rugged 5430: before 1.15.0
Latitude 9520: before 1.19.1
Latitude 9430: before 1.11.0
Latitude 9420: before 1.18.0
Latitude 9330: before 1.8.0
Latitude 7530: before 1.11.0
Latitude 7520: before 1.23.1
Latitude 7490: before 1.31.1
Latitude 7480: before 1.30.0
Latitude 7430: before 1.11.0
Latitude 7424 Rugged Extreme: before 1.23.0
Latitude 7420: before 1.23.1
Latitude 7400 2-in-1: before 1.20.0
Latitude 7400: before 1.24.0
Latitude 7390 2-in-1: before 1.29.1
Latitude 7390: before 1.31.1
Latitude 7389: before 1.32.0
Latitude 7380: before 1.30.0
Latitude 7330: before 1.11.0
Latitude 7320 Detachable: before 1.19.0
Latitude 7320: before 1.23.1
Latitude 7300: before 1.24.0
Latitude 7290: before 1.31.1
Latitude 7280: before 1.30.0
Latitude 7230 Rugged Extreme Tablet: before 1.3.1
Latitude 7220EX Rugged Extreme Tablet: before 1.27.1
Latitude 7220 Rugged Extreme Tablet: before 1.27.1
Latitude 7212 Rugged Extreme Tablet: before 1.43.0
Latitude 7200 2-in-1: before 1.21.0
Latitude 5591: before 1.25.0
Latitude 5590: before 1.27.1
Latitude 5580: before 1.29.0
Latitude 5531: before 1.11.0
Latitude 5530: before 1.10.0
Latitude 5521: before 1.19.0
Latitude 5520: before 1.25.1
Latitude 5501: before 1.24.0
Latitude 5500: before 1.23.0
Latitude 5491: before 1.25.0
Latitude 5490: before 1.27.1
Latitude 5488: before 1.29.0
Latitude 5480: before 1.29.0
Latitude 5431: before 1.10.1
Latitude 5430: before 1.10.0
Latitude 5424 Rugged: before 1.23.0
Latitude 5420 Rugged: before 1.23.0
Latitude 5420: before 1.25.0
Latitude 5401: before 1.24.0
Latitude 5400: before 1.23.0
Latitude 5330: before 1.10.0
Latitude 5320: before 1.25.1
Latitude 5300 2-IN-1: before 1.25.0
Latitude 5300: before 1.25.0
Latitude 5290 2-in-1: before 1.25.0
Latitude 5290: before 1.27.1
Latitude 5289: before 1.32.0
Latitude 5288: before 1.29.0
Latitude 5280: before 1.29.0
Latitude 3590: before 1.24.0
Latitude 3530: before 1.7.0
Latitude 3520: before 1.25.1
Latitude 3510: before 1.21.0
Latitude 3500: before 1.27.1
Latitude 3490: before 1.24.0
Latitude 3430: before 1.7.0
Latitude 3420: before 1.25.1
Latitude 3410: before 1.21.0
Latitude 3400: before 1.27.1
Latitude 3390 2-in-1: before 1.24.0
Latitude 3330: before 1.9.0
Latitude 3320: before 1.19.0
Latitude 3310 2-in-1: before 1.18.0
Latitude 3310: before 1.19.0
Latitude 3301: before 1.25.1
Latitude 3300: before 1.20.0
Latitude 3190 2-In-1: before 1.24.0
Latitude 3190: before 1.24.0
Inspiron5491 All-in-One: before 1.19.1
Inspiron 7791: before 1.19.0
Inspiron 7790: before 1.19.1
Inspiron 7710: before 1.9.0
Inspiron 7706 2-in-1: before 1.20.3
Inspiron 7700 All-In-One: before 1.16.0
Inspiron 7620: before 1.9.0
Inspiron 7610: before 1.14.0
Inspiron 7591: before 1.17.0
Inspiron 7590: before 1.17.0
Inspiron 7510: before 1.14.0
Inspiron 7506 2-in-1: before 1.20.3
Inspiron 7501: before 1.20.0
Inspiron 7500 2-in-1 Silver: before 1.19.0
Inspiron 7500 2-in-1 Black: before 1.15.0
Inspiron 7500: before 1.20.0
Inspiron 7490: before 1.18.0
Inspiron 7420: before 1.9.0
Inspiron 7400: before 1.23.1
Inspiron 7390: before 1.19.0
Inspiron 7306 2-in-1: before 1.20.3
Inspiron 7300 2-in-1: before 1.15.0
Inspiron 7300: before 1.23.1
Inspiron 7000: before 1.21.0
Inspiron 5770: before 1.13.0
Inspiron 5620: before 1.11.0
Inspiron 5598: before 1.22.0
Inspiron 5594: before 1.22.1
Inspiron 5593: before 1.25.1
Inspiron 5591 2-in-1: before 1.18.0
Inspiron 5590: before 1.22.0
Inspiron 5584: before 1.22.1
Inspiron 5583: before 1.22.1
Inspiron 5570: before 1.13.0
Inspiron 5510: before 2.16.0
Inspiron 5509: before 1.20.1
Inspiron 5508: before 1.19.0
Inspiron 5502: before 1.20.1
Inspiron 5501: before 1.19.0
Inspiron 5498: before 1.22.0
Inspiron 5494: before 1.22.1
Inspiron 5493: before 1.25.1
Inspiron 5491 2-in-1: before 1.18.0
Inspiron 5490 All-in-One: before 1.19.1
Inspiron 5490: before 1.22.0
Inspiron 5481 2-in-1: before 2.19.0
Inspiron 5420: before 1.11.0
Inspiron 5410 All-In-One: before 1.9.0
Inspiron 5409: before 1.20.1
Inspiron 5408: before 1.19.0
Inspiron 5406 2-in-1: before 1.20.3
Inspiron 5402: before 1.20.1
Inspiron 5401 All-in-One: before 1.16.0
Inspiron 5401: before 1.19.0
Inspiron 5400 2-in-1: before 1.19.0
Inspiron 5400: before 1.16.0
Inspiron 5391: before 1.21.0
Inspiron 5320: before 1.8.0
Inspiron 5310: before 2.17.0
Inspiron 5301: before 1.23.1
Inspiron 5300: before 1.19.0
Inspiron 3910: before 1.9.0
Inspiron 3891: before 1.14.0
Inspiron 3881: before 1.17.1
Inspiron 3880: before 1.17.2
Inspiron 3793: before 1.25.1
Inspiron 3790: before 1.22.1
Inspiron 3782: before 1.17.0
Inspiron 3781: before 1.21.0
Inspiron 3780: before 1.22.1
Inspiron 3671: before 1.13.0
Inspiron 3670: before 2.26.0
Inspiron 3593: before 1.25.1
Inspiron 3590: before 1.22.1
Inspiron 3583: before 1.22.1
Inspiron 3582: before 1.17.0
Inspiron 3581: before 1.21.0
Inspiron 3580: before 1.22.1
Inspiron 3521: before 1.7.0
Inspiron 3520: before 1.10.0
Inspiron 3511: before 1.19.0
Inspiron 3510: before 1.12.0
Inspiron 3502: before 1.11.0
Inspiron 3501: before 1.22.0
Inspiron 3493: before 1.25.1
Inspiron 3490: before 1.22.1
Inspiron 3482: before 1.17.0
Inspiron 3481: before 1.21.0
Inspiron 3480: before 1.22.1
Inspiron 3471: before 1.13.0
Inspiron 3470: before 2.26.0
Inspiron 3280: before 1.17.3
Inspiron 16 Plus 7620: before 1.9.0
Inspiron 15 3511: before 1.20.0
Inspiron 14 Plus 7420: before 1.9.0
Inspiron 14 5410 2-in-1: before 2.16.0
Dell G7 17 7790: before 1.22.0
Dell G7 17 7700: before 1.21.0
Dell G7 15 7590: before 1.22.0
Dell G7 15 7500: before 1.21.0
Dell G5 5090: before 1.17.0
Dell G5 5000: before 1.12.0
Dell G3 3779: before 1.24.0
Dell G3 3579: before 1.24.0
Dell G3 3500: before 1.22.2
Dell G16 7620: before 1.14.0
Dell G15 5520: before 1.14.0
Dell G15 5511: before 1.20.0
Dell G15 5510: before 1.18.1
ChengMing 3991: before 1.17.1
ChengMing 3990: before 1.17.1
ChengMing 3988: before 1.13.0
ChengMing 3980: before 2.26.0
ChengMing 3900: before 1.9.0
Alienware x17 R2: before 1.11.0
Alienware x17 R1: before 1.16.0
Alienware x15 R2: before 1.11.0
Alienware x15 R1: before 1.16.0
Alienware x14: before 1.10.0
Alienware m17 R2: before 1.19.0
Alienware m17 R1: before 2.16.0
Alienware m15 R7: before 1.14.0
Alienware m15 R6: before 1.19.0
Alienware m15 R2: before 1.19.0
Alienware m15 R1: before 2.16.0
Alienware Aurora R9: before 1.0.23
Alienware Aurora R8: before 1.0.26
Alienware Aurora R13: before 1.10.0
Alienware Aurora R12: before 1.1.18
Alienware Aurora R11: before 1.0.19
Alienware Area 51m R1: before 1.23.0

SB2023022350 - Dell client platform security update Intel firmware

Breakdown by Severity

Description

Remediation

References

Please verify you're human