Dell BIOS Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-22429

6.7MEDIUM

Key Information:

Vendor: Dell
Status: Cpg BiOS
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-22429?

The BIOS firmware provided by Dell is affected by an improper input validation vulnerability. This issue allows a local, authenticated attacker who possesses admin privileges to exploit the vulnerability, which may lead to arbitrary code execution. Such exploitation can pose significant risks to the integrity and availability of the system, allowing attackers to potentially manipulate the environment beyond intended security measures. Users are advised to review their BIOS versions and apply appropriate patches or mitigations provided by Dell.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CPG BIOS < 2.36.0

CPG BIOS < 1.18.0

CPG BIOS < 1.46.0

References

https://www.dell.com/support/kbdoc/en-us/000221102/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024

Credit

Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.

JSON

Dell

What is CVE-2024-22429?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.