Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24416

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Published

2022-03-11T22:15:12.747

Last Modified

2024-11-21T06:50:22.707

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	alienware_13_r3_firmware	< 1.16.1	Yes
Hardware	dell	alienware_13_r3	-	No
Operating System	dell	alienware_15_r3_firmware	< 1.16.1	Yes
Hardware	dell	alienware_15_r3	-	No
Operating System	dell	alienware_15_r4_firmware	< 1.17.0	Yes
Hardware	dell	alienware_15_r4	-	No
Operating System	dell	alienware_17_r4_firmware	< 1.16.1	Yes
Hardware	dell	alienware_17_r4	-	No
Operating System	dell	alienware_17_r5_firmware	< 1.17.0	Yes
Hardware	dell	alienware_17_r5	-	No
Operating System	dell	alienware_area_51m_r1_firmware	< 1.18.0	Yes
Hardware	dell	alienware_area_51m_r1	-	No
Operating System	dell	alienware_area_51m_r2_firmware	< 1.13.0	Yes
Hardware	dell	alienware_area_51m_r2	-	No
Operating System	dell	alienware_aurora_r8_firmware	< 1.0.20	Yes
Hardware	dell	alienware_aurora_r8	-	No
Operating System	dell	alienware_m15_r2_firmware	< 1.12.0	Yes
Hardware	dell	alienware_m15_r2	-	No
Operating System	dell	alienware_m15_r3_firmware	< 1.14.0	Yes
Hardware	dell	alienware_m15_r3	-	No
Operating System	dell	alienware_m15_r4_firmware	< 1.8.0	Yes
Hardware	dell	alienware_m15_r4	-	No
Operating System	dell	alienware_m17_r2_firmware	< 1.12.0	Yes
Hardware	dell	alienware_m17_r2	-	No
Operating System	dell	alienware_m17_r3_firmware	< 1.14.0	Yes
Hardware	dell	alienware_m17_r3	-	No
Operating System	dell	alienware_m17_r4_firmware	< 1.8.0	Yes
Hardware	dell	alienware_m17_r4	-	No
Operating System	dell	alienware_x15_r1_firmware	< 1.7.0	Yes
Hardware	dell	alienware_x15_r1	-	No
Operating System	dell	alienware_x17_r1_firmware	< 1.7.0	Yes
Hardware	dell	alienware_x17_r1	-	No
Operating System	dell	edge_gateway_3000_firmware	< 1.7.0	Yes
Hardware	dell	edge_gateway_3000	-	No
Operating System	dell	edge_gateway_5000_firmware	< 1.17.0	Yes
Hardware	dell	edge_gateway_5000	-	No
Operating System	dell	edge_gateway_5100_firmware	< 1.17.0	Yes
Hardware	dell	edge_gateway_5100	-	No
Operating System	dell	embedded_box_pc_3000_firmware	< 1.13.0	Yes
Hardware	dell	embedded_box_pc_3000	-	No
Operating System	dell	embedded_box_pc_5000_firmware	< 1.14.0	Yes
Hardware	dell	embedded_box_pc_5000	-	No
Operating System	dell	inspiron_14_3473_firmware	< 1.14.0	Yes
Hardware	dell	inspiron_14_3473	-	No
Operating System	dell	inspiron_15_3573_firmware	< 1.14.0	Yes
Hardware	dell	inspiron_15_3573	-	No
Operating System	dell	inspiron_15_5566_firmware	< 1.18.0	Yes
Hardware	dell	inspiron_15_5566	-	No
Operating System	dell	inspiron_3277_firmware	< 1.19.0	Yes
Hardware	dell	inspiron_3277	-	No
Operating System	dell	inspiron_3465_firmware	< 1.12.0	Yes
Hardware	dell	inspiron_3465	-	No
Operating System	dell	inspiron_3477_firmware	< 1.19.0	Yes
Hardware	dell	inspiron_3477	-	No
Operating System	dell	inspiron_3482_firmware	< 1.13.0	Yes
Hardware	dell	inspiron_3482	-	No
Operating System	dell	inspiron_3502_firmware	< 1.7.0	Yes
Hardware	dell	inspiron_3502	-	No
Operating System	dell	inspiron_3510_firmware	< 1.6.0	Yes
Hardware	dell	inspiron_3510	-	No
Operating System	dell	inspiron_3565_firmware	< 1.12.0	Yes
Hardware	dell	inspiron_3565	-	No
Operating System	dell	inspiron_3582_firmware	< 1.13.0	Yes
Hardware	dell	inspiron_3582	-	No
Operating System	dell	inspiron_3782_firmware	< 1.13.0	Yes
Hardware	dell	inspiron_3782	-	No
Operating System	dell	latitude_3379_firmware	< 1.0.34	Yes
Hardware	dell	latitude_3379	-	No
Operating System	dell	vostro_14_5468_firmware	< 1.19.0	Yes
Hardware	dell	vostro_14_5468	-	No
Operating System	dell	vostro_15_5568_firmware	< 1.19.0	Yes
Hardware	dell	vostro_15_5568	-	No
Operating System	dell	vostro_3267_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3267	-	No
Operating System	dell	vostro_3268_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3268	-	No
Operating System	dell	vostro_3572_firmware	< 1.14.0	Yes
Hardware	dell	vostro_3572	-	No
Operating System	dell	vostro_3582_firmware	< 1.13.0	Yes
Hardware	dell	vostro_3582	-	No
Operating System	dell	vostro_3660_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3660	-	No
Operating System	dell	vostro_3667_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3667	-	No
Operating System	dell	vostro_3668_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3668	-	No
Operating System	dell	vostro_3669_firmware	< 1.20.0	Yes
Hardware	dell	vostro_3669	-	No
Operating System	dell	wyse_7040_thin_client_firmware	< 1.15.0	Yes
Hardware	dell	wyse_7040_thin_client	-	No
Operating System	dell	xps_8930_firmware	< 1.1.21	Yes
Hardware	dell	xps_8930	-	No

References

https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)