CVE-2022-34412


Dell PowerEdge BIOS and Dell Precision BIOS contain an improper SMM communication buffer verification vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5. Exploitation requires local system access and specific conditions to be met, but no user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It affects 160 products from Dell; organizations running them should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2023-03-16T12:15:10.353

Last Modified

2025-02-26T19:15:13.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System dell r6515_firmware < 2.9.3 Yes
Hardware dell r6515 - No
Operating System dell r7515_firmware < 2.9.3 Yes
Hardware dell r7515 - No
Operating System dell r6525_firmware < 2.9.3 Yes
Hardware dell r6525 - No
Operating System dell r7525_firmware < 2.9.3 Yes
Hardware dell r7525 - No
Operating System dell xe8545_firmware < 2.9.4 Yes
Hardware dell xe8545 - No
Operating System dell c6525_firmware * Yes
Hardware dell c6525 - No
Operating System dell r6415_firmware < 1.19.0 Yes
Hardware dell r6415 - No
Operating System dell r7415_firmware < 1.19.0 Yes
Hardware dell r7415 - No
Operating System dell r7425_firmware < 1.19.0 Yes
Hardware dell r7425 - No
Operating System dell r750_firmware < 1.8.2 Yes
Hardware dell r750 - No
Operating System dell r750xa_firmware < 1.8.2 Yes
Hardware dell r750xa - No
Operating System dell r650_firmware < 1.8.2 Yes
Hardware dell r650 - No
Operating System dell c6520_firmware < 1.8.2 Yes
Hardware dell c6520 - No
Operating System dell mx750c_firmware < 1.8.2 Yes
Hardware dell mx750c - No
Operating System dell r450_firmware < 1.8.2 Yes
Hardware dell r450 - No
Operating System dell r550_firmware < 1.8.2 Yes
Hardware dell r550 - No
Operating System dell r650xs_firmware < 1.8.2 Yes
Hardware dell r650xs - No
Operating System dell r750xs_firmware < 1.8.2 Yes
Hardware dell r750xs - No
Operating System dell t550_firmware < 1.8.2 Yes
Hardware dell t550 - No
Operating System dell xr11_firmware < 1.8.2 Yes
Hardware dell xr11 - No
Operating System dell xr12_firmware < 1.8.2 Yes
Hardware dell xr12 - No
Operating System dell r250_firmware < 1.4.2 Yes
Hardware dell r250 - No
Operating System dell r350_firmware < 1.4.2 Yes
Hardware dell r350 - No
Operating System dell t150_firmware < 1.4.2 Yes
Hardware dell t150 - No
Operating System dell t350_firmware < 1.4.2 Yes
Hardware dell t350 - No
Operating System dell r740_firmware < 2.16.1 Yes
Hardware dell r740 - No
Operating System dell r740xd_firmware < 2.16.1 Yes
Hardware dell r740xd - No
Operating System dell r640_firmware < 2.16.1 Yes
Hardware dell r640 - No
Operating System dell r940_firmware < 2.16.1 Yes
Hardware dell r940 - No
Operating System dell r540_firmware < 2.16.1 Yes
Hardware dell r540 - No
Operating System dell r440_firmware < 2.16.1 Yes
Hardware dell r440 - No
Operating System dell t440_firmware < 2.16.1 Yes
Hardware dell t440 - No
Operating System dell xr2_firmware < 2.16.1 Yes
Hardware dell xr2 - No
Operating System dell r740xd2_firmware < 2.16.1 Yes
Hardware dell r740xd2 - No
Operating System dell r840_firmware < 2.16.1 Yes
Hardware dell r840 - No
Operating System dell r940xa_firmware < 2.16.1 Yes
Hardware dell r940xa - No
Operating System dell t640_firmware < 2.16.1 Yes
Hardware dell t640 - No
Operating System dell c6420_firmware < 2.16.1 Yes
Hardware dell c6420 - No
Operating System dell fc640_firmware < 2.16.1 Yes
Hardware dell fc640 - No
Operating System dell m640_firmware < 2.16.1 Yes
Hardware dell m640 - No
Operating System dell m640p_firmware < 2.16.1 Yes
Hardware dell m640p - No
Operating System dell mx740c_firmware < 2.16.1 Yes
Hardware dell mx740c - No
Operating System dell mx840c_firmware < 2.16.1 Yes
Hardware dell mx840c - No
Operating System dell c4140_firmware < 2.16.1 Yes
Hardware dell c4140 - No
Operating System dell dss8440_firmware < 2.16.1 Yes
Hardware dell dss8440 - No
Operating System dell t140_firmware < 2.11.1 Yes
Hardware dell t140 - No
Operating System dell t340_firmware < 2.11.1 Yes
Hardware dell t340 - No
Operating System dell r240_firmware < 2.11.1 Yes
Hardware dell r240 - No
Operating System dell r340_firmware < 2.11.1 Yes
Hardware dell r340 - No
Operating System dell xe2420_firmware < 2.16.0 Yes
Hardware dell xe2420 - No
Operating System dell xe7420_firmware < 2.16.1 Yes
Hardware dell xe7420 - No
Operating System dell xe7440_firmware < 2.16.1 Yes
Hardware dell xe7440 - No
Operating System dell r730_firmware < 2.16.0 Yes
Hardware dell r730 - No
Operating System dell r730xd_firmware < 2.16.0 Yes
Hardware dell r730xd - No
Operating System dell r630_firmware < 2.16.0 Yes
Hardware dell r630 - No
Operating System dell c4130_firmware < 2.16.0 Yes
Hardware dell c4130 - No
Operating System dell r930_firmware < 2.16.0 Yes
Hardware dell r930 - No
Operating System dell m630_firmware < 2.16.0 Yes
Hardware dell m630 - No
Operating System dell m630p_firmware < 2.16.0 Yes
Hardware dell m630p - No
Operating System dell fc630_firmware < 2.16.0 Yes
Hardware dell fc630 - No
Operating System dell fc430_firmware < 2.16.0 Yes
Hardware dell fc430 - No
Operating System dell m830_firmware < 2.16.0 Yes
Hardware dell m830 - No
Operating System dell m830p_firmware < 2.16.0 Yes
Hardware dell m830p - No
Operating System dell fc830_firmware < 2.16.0 Yes
Hardware dell fc830 - No
Operating System dell t630_firmware < 2.16.0 Yes
Hardware dell t630 - No
Operating System dell r530_firmware < 2.16.0 Yes
Hardware dell r530 - No
Operating System dell r430_firmware < 2.16.0 Yes
Hardware dell r430 - No
Operating System dell t430_firmware < 2.16.0 Yes
Hardware dell t430 - No
Operating System dell r830_firmware < 1.16.0 Yes
Hardware dell r830 - No
Operating System dell c6320_firmware < 2.16.0 Yes
Hardware dell c6320 - No
Operating System dell t130_firmware < 2.16.0 Yes
Hardware dell t130 - No
Operating System dell r230_firmware < 2.16.0 Yes
Hardware dell r230 - No
Operating System dell t330_firmware < 2.16.0 Yes
Hardware dell t330 - No
Operating System dell r330_firmware < 2.16.0 Yes
Hardware dell r330 - No
Operating System dell nx430_firmware < 2.16.0 Yes
Hardware dell nx430 - No
Operating System dell nx3230_firmware < 2.16.0 Yes
Hardware dell nx3230 - No
Operating System dell nx3330_firmware < 2.16.0 Yes
Hardware dell nx3330 - No
Operating System dell nx440_firmware < 2.11.1 Yes
Hardware dell nx440 - No
Operating System dell nx3240_firmware < 2.16.1 Yes
Hardware dell nx3240 - No
Operating System dell nx3340_firmware < 2.16.1 Yes
Hardware dell nx3340 - No

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For Dell's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies, only the defensive intelligence necessary for patch management, risk assessment, and security operations.