CVE-2022-34376



Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
dellCNA
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
dellr6515_firmware
𝑥
< 2.9.3
dellr7515_firmware
𝑥
< 2.9.3
dellr6525_firmware
𝑥
< 2.9.3
dellr7525_firmware
𝑥
< 2.9.3
dellxe8545_firmware
𝑥
< 2.9.4
dellc6525_firmware
*
dellr6415_firmware
𝑥
< 1.19.0
dellr7415_firmware
𝑥
< 1.19.0
dellr7425_firmware
𝑥
< 1.19.0
dellr750_firmware
𝑥
< 1.8.2
dellr750xa_firmware
𝑥
< 1.8.2
dellr650_firmware
𝑥
< 1.8.2
dellc6520_firmware
𝑥
< 1.8.2
dellmx750c_firmware
𝑥
< 1.8.2
dellr450_firmware
𝑥
< 1.8.2
dellr550_firmware
𝑥
< 1.8.2
dellr650xs_firmware
𝑥
< 1.8.2
dellr750xs_firmware
𝑥
< 1.8.2
dellt550_firmware
𝑥
< 1.8.2
dellxr11_firmware
𝑥
< 1.8.2
dellxr12_firmware
𝑥
< 1.8.2
dellr250_firmware
𝑥
< 1.4.2
dellr350_firmware
𝑥
< 1.4.2
dellt150_firmware
𝑥
< 1.4.2
dellt350_firmware
𝑥
< 1.4.2
dellr740_firmware
𝑥
< 2.16.1
dellr740xd_firmware
𝑥
< 2.16.1
dellr640_firmware
𝑥
< 2.16.1
dellr940_firmware
𝑥
< 2.16.1
dellr540_firmware
𝑥
< 2.16.1
dellr440_firmware
𝑥
< 2.16.1
dellt440_firmware
𝑥
< 2.16.1
dellxr2_firmware
𝑥
< 2.16.1
dellr740xd2_firmware
𝑥
< 2.16.1
dellr840_firmware
𝑥
< 2.16.1
dellr940xa_firmware
𝑥
< 2.16.1
dellt640_firmware
𝑥
< 2.16.1
dellc6420_firmware
𝑥
< 2.16.1
dellfc640_firmware
𝑥
< 2.16.1
dellm640_firmware
𝑥
< 2.16.1
dellm640p_firmware
𝑥
< 2.16.1
dellmx740c_firmware
𝑥
< 2.16.1
dellmx840c_firmware
𝑥
< 2.16.1
dellc4140_firmware
𝑥
< 2.16.1
delldss8440_firmware
𝑥
< 2.16.1
dellt140_firmware
𝑥
< 2.11.1
dellt340_firmware
𝑥
< 2.11.1
dellr240_firmware
𝑥
< 2.11.1
dellr340_firmware
𝑥
< 2.11.1
dellxe2420_firmware
𝑥
< 2.16.0
dellxe7420_firmware
𝑥
< 2.16.1
dellxe7440_firmware
𝑥
< 2.16.1
dellr730_firmware
𝑥
< 2.16.0
dellr730xd_firmware
𝑥
< 2.16.0
dellr630_firmware
𝑥
< 2.16.0
dellc4130_firmware
𝑥
< 2.16.0
dellr930_firmware
𝑥
< 2.16.0
dellm630_firmware
𝑥
< 2.16.0
dellm630p_firmware
𝑥
< 2.16.0
dellfc630_firmware
𝑥
< 2.16.0
dellfc430_firmware
𝑥
< 2.16.0
dellm830_firmware
𝑥
< 2.16.0
dellm830p_firmware
𝑥
< 2.16.0
dellfc830_firmware
𝑥
< 2.16.0
dellt630_firmware
𝑥
< 2.16.0
dellr530_firmware
𝑥
< 2.16.0
dellr430_firmware
𝑥
< 2.16.0
dellt430_firmware
𝑥
< 2.16.0
dellr830_firmware
𝑥
< 1.16.0
dellc6320_firmware
𝑥
< 2.16.0
dellt130_firmware
𝑥
< 2.16.0
dellr230_firmware
𝑥
< 2.16.0
dellt330_firmware
𝑥
< 2.16.0
dellr330_firmware
𝑥
< 2.16.0
dellnx430_firmware
𝑥
< 2.16.0
dellnx3230_firmware
𝑥
< 2.16.0
dellnx3330_firmware
𝑥
< 2.16.0
dellnx440_firmware
𝑥
< 2.11.1
dellnx3240_firmware
𝑥
< 2.16.1
dellnx3340_firmware
𝑥
< 2.16.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability