Improper Buffer Verification Vulnerability in Dell PowerEdge and Precision BIOS
CVE-2022-34422

7.5HIGH

Key Information:

Vendor: Dell
Status: Poweredge Platform
Vendor: CVE Published:; 16 March 2023

Summary

A vulnerability exists within Dell PowerEdge BIOS and Dell Precision BIOS due to improper verification of the SMM communication buffer. This flaw can be exploited by a local user with elevated privileges, potentially allowing for arbitrary code execution or leading to denial of service. Proper assessment and mitigation strategies are crucial to safeguard systems against potential exploitation.

Affected Version(s)

PowerEdge Platform 14G,15G

References

https://www.dell.com/support/kbdoc/en-us/000206296/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jun 23, 2022