Advisory for Dell Security Updates

  • NIC-CERT/2022-01/039
  • Date: 2022-02-01
  • CVE ID: Multiple
  • Severity: High

A. Description:
A vulnerability has been reported in Dell product which may be exploited by malicious users to compromise the affected systems

B. Security Issues Fixed:
Dell has announced updates for Dell EMC Cloud Disaster Recovery Security Update for NVIDIA GPU Display Driver Vulnerabilities, Alps Alpine Touchpad Driver Vulnerability, Apache Log4j Remote Code Execution Vulnerability etc.

Third-party Component

CVEs

NVIDIA® GPU Display Driver

CVEâ??2021â??1074

CVEâ??2021â??1075

CVEâ??2021â??1076

CVEâ??2021â??1077

CVEâ??2021â??1078

CVE-2021-1089

CVE-2021-1090

CVE-2021-1091

CVE-2021-1092

CVE-2021-1093

CVE-2021-1094

CVE-2021-1095

CVE-2021-1096

NVIDIA® GPU Display Driver

CVEâ??2021â??1115

CVEâ??2021â??1116

CVEâ??2021â??1117

Apache ant

CVE-2020-11979

Apache thrift

CVE-2020-13949

Apache Log4j

CVE-2021-44228

CVE-2021-45046

Apache2

CVE-2020-35452

CVE-2021-26690

CVE-2021-26691

CVE-2021-30641

CVE-2021-31618

Bind

CVE-2020-8625

CVE-2021-25214

CVE-2021-25215

Cpio

CVE-2021-38185

Curl

CVE-2020-8231

CVE-2020-8284

CVE-2020-8285

CVE-2020-8286

CVE-2021-22876

CVE-2021-22898

CVE-2021-22922

CVE-2021-22923

CVE-2021-22924

CVE-2021-22925

cyrus-sasl

CVE-2019-19906

dbus-1

CVE-2020-12049

CVE-2020-35512

dhcp

CVE-2021-25217

file

CVE-2019-18218

FLAC

CVE-2020-0499

glib2

CVE-2021-27218

CVE-2021-27219

libesmtp

CVE-2019-19977

libsndfile

CVE-2018-13139

CVE-2018-19432

CVE-2018-19758

CVE-2021-3246

libsolv

CVE-2019-20387

CVE-2021-3200

libxml2

CVE-2021-3516

CVE-2021-3517

CVE-2021-3518

CVE-2021-3537

openldap2

CVE-2020-25692

CVE-2020-36221

CVE-2020-36222

CVE-2020-36223

CVE-2020-36224

CVE-2020-36225

CVE-2020-36226

CVE-2020-36227

CVE-2020-36228

CVE-2020-36229

CVE-2020-36230

CVE-2020-8023

CVE-2021-27212

sqlite3

CVE-2015-3414

CVE-2015-3415

CVE-2016-6153

CVE-2017-10989

CVE-2017-2518

CVE-2018-20346

CVE-2018-8740

CVE-2019-16168

CVE-2019-19244

CVE-2019-19317

CVE-2019-19603

CVE-2019-19645

CVE-2019-19646

CVE-2019-19880

CVE-2019-19923

CVE-2019-19924

CVE-2019-19925

CVE-2019-19926

CVE-2019-19959

CVE-2019-20218

CVE-2019-8457

CVE-2020-13434

CVE-2020-13435

CVE-2020-13630

CVE-2020-13631

CVE-2020-13632

CVE-2020-15358

CVE-2020-9327

python-cryptography

CVE-2020-36242

Permissions

CVE-2020-8025

openssl-1_0_0

CVE-2021-23840

CVE-2021-23841

CVE-2021-3712

Alps Alpine Touchpad Driver

CVE-2021-27971

Apache Log4J

CVE-2021-44228

CVE-2021-45046

AMD Chipset Driver

CVE202126333

Affected Products and Solution

Product

Affected Versions

Link to Update

Dell EMC Elastic Cloud Storage

Versions before ECS 3.6.2.1

https://www.dell.com/support/home/en-us/product-support/product/ecs-appliance-/overview

Latitude 7370

Precision 3510

Precision 7510

Precision 7710

Latitude 5280

Latitude 5288

Latitude 5289 2-in-1

Latitude 5290

Latitude 5480

Latitude 5488

Latitude 5490

Latitude 5491

Latitude 5495

Latitude 5580

Latitude 5590

Latitude 5591

Latitude 7280

Latitude 7290

Latitude 7380

Latitude 7389 2-in-1

Latitude 7390

Latitude 7390 2-in-1

Latitude 7480

Latitude 7490

Precision 3520

Precision 3530

Precision 7520

Precision 7530

Precision 7720

Precision 7730

10.3201.101.216, A09

10.3201.101.216, A09

10.3201.101.216, A09

10.3201.101.216, A09

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

10.3201.101.216, A10

https://www.dell.com/support/security/en-us

Data Domain (PowerProtect DD)

Versions from 7.3.0.5 to 7.7.0.6

Note:All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.

Versions from 7.3.0.5 to 7.7.0.6.

Note:All 6.x,7.0.x,7.1.x,7.2.x. 7.7.0.7 and later, 7.6.0.30 and later are not impacted.

DDOS 7.7.1.0 and above includes log4j 2.17.1
For more details about DDOS versions available for download, see theâ?¯links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649

https://www.dell.com/support/kbdoc/525902

Alienware Aurora Ryzen Edition

Alienware Aurora Ryzen edition R14

Alienware m15 Ryzen Edition R5

Dell G15 SE 5515

Inspiron 14 5485 2n1

Inspiron 14 7415 2-in-1

Inspiron 15 3505/6

Inspiron 15 3515

Inspiron 22 3275

Inspiron 24 3475

Inspiron 3180

Inspiron 3185

Inspiron 3195 2-in-1

Inspiron 3585

Inspiron 3595

Inspiron 3785

Inspiron 5405

Inspiron 5415

Inspiron 5485

Inspiron 5505

Inspiron 5515

Inspiron 5575

Inspiron 5585

Inspiron 5676

Inspiron 5775

Inspiron 7375

Inspiron 7405 2 in 1

Inspiron G5 5505

Latitude 5495

OptiPlex 5055 A-Series

OptiPlex 5055 Ryzen APU

OptiPlex 5055 Ryzen CPU

Vostro 14 3405

Vostro 3515

Vostro 5415

Vostro 5515

3.11.5.159

3.11.5.159

3.10.21.2037

3.10.21.2037

19.400.0

3.10.21.2122

20.100.0

3.10.6.358

17.400.1026

17.400.1026

18.500.0

18.500.0

19.400.0

20.100.0

20.100.0

20.100.0

19.400.0

3.11.1.544

19.400.0

19.400.0

3.11.1.544

17.400.0

19.400.0

18.100.0

17.400.0

17.400.0

19.400.0

19.400.30

18.400.24

18.100.0