Improper SMM Communication Buffer Verification in Dell PowerEdge and Precision BIOS
CVE-2022-34413

7.5HIGH

Key Information:

Vendor: Dell
Status: Poweredge Platform
Vendor: CVE Published:; 16 March 2023

What is CVE-2022-34413?

Dell PowerEdge BIOS and Dell Precision BIOS feature a vulnerability that stems from inadequate verification of communication buffers in System Management Mode (SMM). A skilled local attacker with elevated privileges could leverage this flaw to execute arbitrary code or induce a denial of service, posing a serious risk to system integrity and availability. It is crucial for users to be aware of this vulnerability and apply any recommended patches or mitigations.

Affected Version(s)

PowerEdge Platform 14G,15G

References

https://www.dell.com/support/kbdoc/en-us/000206296/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jun 23, 2022