The issue is located in the privilege management code and is exposed in cases where a cluster node has a high degree of privilege, such as a system management node running on a high-privilege VMware host.

In versions 8.2.x-9.4.0.x of Dell PowerScale OneFS, high privilege nodes can resync with high privilege nodes, potentially leading to privilege escalation.
In versions 8.2.x-9.4.0.x of Dell PowerScale OneFS, privilege activation can lead to privilege context switching which can be exploited by a local malicious user to escalate privileges and gain full system compromise.
This issue was identified and fixed as part of the resolved CVEs listed below. These security updates are now available for Dell PowerEdge R740xd, R720xd, R720nxd, R710, R710xd, R710nx, R710, R710s, R710sX, R710sD, R710sE, R710sF, R710sN, R710sP, R710sXC, R710sXD, R710sXF, R710sXN, R710sXV, R710sXVF, R710sXVN, R710sXVX, R710sXVXF, R710sXVXN, R710sXVXV, R710s

PowerEdge R740xd, R720xd, R720nxd, R710, R710xd, R710nx, R710s
Dell PowerEdge R740xd, R720xd, and R720nxd: download the patches listed below.
Dell PowerEdge R710 and R710xd: download the patches listed below.
Dell PowerEdge R7000 and Dell PowerEdge T630: no patch is available.
Dell PowerEdge T630XC: no patch is available.
Dell PowerEdge T6300: no patch is available.

Dell PowerEdge R740xd, R720xd, R720nxd, R710, R710xd, R710nx, R710s
Dell PowerEdge Servers that have the affected versions of Dell PowerScale OneFS are vulnerable to privilege escalation.

This issue was identified and fixed as part of the resolved CVEs listed below. These security updates are now available for Dell PowerEdge R740xd, R720xd, R720nxd, R710, R710xd, R710nx, R710s

Dell PowerEdge R720, R730, R740, R740xd, and R7415 Server Vulnerabilities

This issue is located in the privilege management code and is exposed in cases where a cluster node has a high degree of privilege, such as a system management node running on a high-privilege VMware host.

Timeline

Published on: 10/21/2022 18:15:00 UTC
Last modified on: 10/24/2022 15:41:00 UTC

References