Improper SMM Communication Buffer Verification in Dell PowerEdge and Precision BIOS
CVE-2022-34418

7.5HIGH

Key Information:

Vendor: Dell
Status: Poweredge Platform
Vendor: CVE Published:; 16 March 2023

What is CVE-2022-34418?

Dell PowerEdge and Precision BIOS are impacted by a vulnerability related to improper verification of the SMM communication buffer. A local malicious user with elevated privileges could exploit this flaw to execute arbitrary code or trigger a denial of service, posing significant security risks for affected systems. It is essential for users to apply the necessary updates and patches to mitigate potential threats.

Affected Version(s)

PowerEdge Platform 14G,15G

References

https://www.dell.com/support/kbdoc/en-us/000206296/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jun 23, 2022