The ISS/SPS vulnerability may occur if the Dell Client BIOS Versions prior to 1.0.0.15 contain an improper input validation. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMM. Dell has released updated versions of the BIOS for all server platforms, except the XC series. IMPORTANT: Due to the severity of the issue, Intel has released a new version of their Chipset Software. For the Intel X79, X99, and X299 platforms, the new version is 1.0.0.15. Dell has released updated BIOS versions for all server platforms, except the XC series. IMPORTANT: Due to the severity of the issue, Intel has released a new version of their Chipset Software. For the Intel X79, X99, and X299 platforms, the new version is 1.0.0.15. For details on the specific BIOS updates, see the Dell Support Knowledge Center and the Intel Knowledge Center. Intel has issued new versions of their Chipset Software for the X79, X99, and X299 server platforms. INTEL has released new versions of the Chipset Software for the X79, X99, and X299 server platforms.
Vulnerable Product Statement
Dell-Laptop and Desktop
Servers
XC Series
The Intel X79, X99, and X299 server platforms are impacted by this vulnerability. Dell has released updated BIOS versions for all server platforms except the XC series.
Vulnerable Platforms
While the vulnerability has been identified on Dell servers, there is a possibility that it could occur on other platforms as well. The vulnerability has been identified in Dell systems using Intel processors with Intel Chipset Software version 1.0.0.15 and earlier versions.
Affected Products
Some models of Dell Servers manufactured in or before November 2015 may be affected by this vulnerability. The following is a list of Dell Systems that may be affected:
Dell PowerEdge 1950, 2950, 3950, 1950 II, 2950 II, 3950 II
Dell PowerEdge R220, R330
Timeline
Published on: 10/12/2022 20:15:00 UTC
Last modified on: 10/13/2022 18:25:00 UTC