CVE-2022-24415


Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.2. Exploitation requires local system access, has relatively low complexity, and needs no user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It impacts 92 Dell products, so organizations running them should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2022-03-11T22:15:12.017

Last Modified

2024-11-21T06:50:22.547

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-119
  • Type: Primary
    CWE-119

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dell | alienware_13_r3_firmware | < 1.16.1 | Yes |
| Hardware | dell | alienware_13_r3 | - | No |
| Operating System | dell | alienware_15_r3_firmware | < 1.16.1 | Yes |
| Hardware | dell | alienware_15_r3 | - | No |
| Operating System | dell | alienware_15_r4_firmware | < 1.17.0 | Yes |
| Hardware | dell | alienware_15_r4 | - | No |
| Operating System | dell | alienware_17_r4_firmware | < 1.16.1 | Yes |
| Hardware | dell | alienware_17_r4 | - | No |
| Operating System | dell | alienware_17_r5_firmware | < 1.17.0 | Yes |
| Hardware | dell | alienware_17_r5 | - | No |
| Operating System | dell | alienware_area_51m_r1_firmware | < 1.18.0 | Yes |
| Hardware | dell | alienware_area_51m_r1 | - | No |
| Operating System | dell | alienware_area_51m_r2_firmware | < 1.13.0 | Yes |
| Hardware | dell | alienware_area_51m_r2 | - | No |
| Operating System | dell | alienware_aurora_r8_firmware | < 1.0.20 | Yes |
| Hardware | dell | alienware_aurora_r8 | - | No |
| Operating System | dell | alienware_m15_r2_firmware | < 1.12.0 | Yes |
| Hardware | dell | alienware_m15_r2 | - | No |
| Operating System | dell | alienware_m15_r3_firmware | < 1.14.0 | Yes |
| Hardware | dell | alienware_m15_r3 | - | No |
| Operating System | dell | alienware_m15_r4_firmware | < 1.8.0 | Yes |
| Hardware | dell | alienware_m15_r4 | - | No |
| Operating System | dell | alienware_m17_r2_firmware | < 1.12.0 | Yes |
| Hardware | dell | alienware_m17_r2 | - | No |
| Operating System | dell | alienware_m17_r3_firmware | < 1.14.0 | Yes |
| Hardware | dell | alienware_m17_r3 | - | No |
| Operating System | dell | alienware_m17_r4_firmware | < 1.8.0 | Yes |
| Hardware | dell | alienware_m17_r4 | - | No |
| Operating System | dell | alienware_x15_r1_firmware | < 1.7.0 | Yes |
| Hardware | dell | alienware_x15_r1 | - | No |
| Operating System | dell | alienware_x17_r1_firmware | < 1.7.0 | Yes |
| Hardware | dell | alienware_x17_r1 | - | No |
| Operating System | dell | edge_gateway_3000_firmware | < 1.7.0 | Yes |
| Hardware | dell | edge_gateway_3000 | - | No |
| Operating System | dell | edge_gateway_5000_firmware | < 1.17.0 | Yes |
| Hardware | dell | edge_gateway_5000 | - | No |
| Operating System | dell | edge_gateway_5100_firmware | < 1.17.0 | Yes |
| Hardware | dell | edge_gateway_5100 | - | No |
| Operating System | dell | embedded_box_pc_3000_firmware | < 1.13.0 | Yes |
| Hardware | dell | embedded_box_pc_3000 | - | No |
| Operating System | dell | embedded_box_pc_5000_firmware | < 1.14.0 | Yes |
| Hardware | dell | embedded_box_pc_5000 | - | No |
| Operating System | dell | inspiron_14_3473_firmware | < 1.14.0 | Yes |
| Hardware | dell | inspiron_14_3473 | - | No |
| Operating System | dell | inspiron_15_3573_firmware | < 1.14.0 | Yes |
| Hardware | dell | inspiron_15_3573 | - | No |
| Operating System | dell | inspiron_15_5566_firmware | < 1.18.0 | Yes |
| Hardware | dell | inspiron_15_5566 | - | No |
| Operating System | dell | inspiron_3277_firmware | < 1.19.0 | Yes |
| Hardware | dell | inspiron_3277 | - | No |
| Operating System | dell | inspiron_3465_firmware | < 1.12.0 | Yes |
| Hardware | dell | inspiron_3465 | - | No |
| Operating System | dell | inspiron_3477_firmware | < 1.19.0 | Yes |
| Hardware | dell | inspiron_3477 | - | No |
| Operating System | dell | inspiron_3482_firmware | < 1.13.0 | Yes |
| Hardware | dell | inspiron_3482 | - | No |
| Operating System | dell | inspiron_3502_firmware | < 1.7.0 | Yes |
| Hardware | dell | inspiron_3502 | - | No |
| Operating System | dell | inspiron_3510_firmware | < 1.6.0 | Yes |
| Hardware | dell | inspiron_3510 | - | No |
| Operating System | dell | inspiron_3565_firmware | < 1.12.0 | Yes |
| Hardware | dell | inspiron_3565 | - | No |
| Operating System | dell | inspiron_3582_firmware | < 1.13.0 | Yes |
| Hardware | dell | inspiron_3582 | - | No |
| Operating System | dell | inspiron_3782_firmware | < 1.13.0 | Yes |
| Hardware | dell | inspiron_3782 | - | No |
| Operating System | dell | latitude_3379_firmware | < 1.0.34 | Yes |
| Hardware | dell | latitude_3379 | - | No |
| Operating System | dell | vostro_14_5468_firmware | < 1.19.0 | Yes |
| Hardware | dell | vostro_14_5468 | - | No |
| Operating System | dell | vostro_15_5568_firmware | < 1.19.0 | Yes |
| Hardware | dell | vostro_15_5568 | - | No |
| Operating System | dell | vostro_3267_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3267 | - | No |
| Operating System | dell | vostro_3268_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3268 | - | No |
| Operating System | dell | vostro_3572_firmware | < 1.14.0 | Yes |
| Hardware | dell | vostro_3572 | - | No |
| Operating System | dell | vostro_3582_firmware | < 1.13.0 | Yes |
| Hardware | dell | vostro_3582 | - | No |
| Operating System | dell | vostro_3660_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3660 | - | No |
| Operating System | dell | vostro_3667_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3667 | - | No |
| Operating System | dell | vostro_3668_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3668 | - | No |
| Operating System | dell | vostro_3669_firmware | < 1.20.0 | Yes |
| Hardware | dell | vostro_3669 | - | No |
| Operating System | dell | wyse_7040_thin_client_firmware | < 1.15.0 | Yes |
| Hardware | dell | wyse_7040_thin_client | - | No |
| Operating System | dell | xps_8930_firmware | < 1.1.21 | Yes |
| Hardware | dell | xps_8930 | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For Dell's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies; it contains only the defensive intelligence necessary for patch management, risk assessment, and security operations.