Improper SMM Communication Buffer Verification in Dell PowerEdge and Precision BIOS
CVE-2022-34421

7.5HIGH

Key Information:

Vendor: Dell
Status: Poweredge Platform
Vendor: CVE Published:; 16 March 2023

Summary

Dell PowerEdge and Precision BIOS suffer from a vulnerability related to improper communication buffer verification within the System Management Mode (SMM). This flaw can be exploited by a local user with high privileges, enabling them to execute arbitrary code or trigger a denial of service. As a result, it poses significant security risks for systems relying on these BIOS versions, making it critical for users to ensure they keep their systems updated and apply relevant security patches.

Affected Version(s)

PowerEdge Platform 14G,15G

References

https://www.dell.com/support/kbdoc/en-us/000206296/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jun 23, 2022