CVE-2022-34411

EUVD-2022-37366
Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
dellCNA
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
dellr6515_firmware
𝑥
< 2.9.3
dellr7515_firmware
𝑥
< 2.9.3
dellr6525_firmware
𝑥
< 2.9.3
dellr7525_firmware
𝑥
< 2.9.3
dellxe8545_firmware
𝑥
< 2.9.4
dellc6525_firmware
*
dellr6415_firmware
𝑥
< 1.19.0
dellr7415_firmware
𝑥
< 1.19.0
dellr7425_firmware
𝑥
< 1.19.0
dellr750_firmware
𝑥
< 1.8.2
dellr750xa_firmware
𝑥
< 1.8.2
dellr650_firmware
𝑥
< 1.8.2
dellc6520_firmware
𝑥
< 1.8.2
dellmx750c_firmware
𝑥
< 1.8.2
dellr450_firmware
𝑥
< 1.8.2
dellr550_firmware
𝑥
< 1.8.2
dellr650xs_firmware
𝑥
< 1.8.2
dellr750xs_firmware
𝑥
< 1.8.2
dellt550_firmware
𝑥
< 1.8.2
dellxr11_firmware
𝑥
< 1.8.2
dellxr12_firmware
𝑥
< 1.8.2
dellr250_firmware
𝑥
< 1.4.2
dellr350_firmware
𝑥
< 1.4.2
dellt150_firmware
𝑥
< 1.4.2
dellt350_firmware
𝑥
< 1.4.2
dellr740_firmware
𝑥
< 2.16.1
dellr740xd_firmware
𝑥
< 2.16.1
dellr640_firmware
𝑥
< 2.16.1
dellr940_firmware
𝑥
< 2.16.1
dellr540_firmware
𝑥
< 2.16.1
dellr440_firmware
𝑥
< 2.16.1
dellt440_firmware
𝑥
< 2.16.1
dellxr2_firmware
𝑥
< 2.16.1
dellr740xd2_firmware
𝑥
< 2.16.1
dellr840_firmware
𝑥
< 2.16.1
dellr940xa_firmware
𝑥
< 2.16.1
dellt640_firmware
𝑥
< 2.16.1
dellc6420_firmware
𝑥
< 2.16.1
dellfc640_firmware
𝑥
< 2.16.1
dellm640_firmware
𝑥
< 2.16.1
dellm640p_firmware
𝑥
< 2.16.1
dellmx740c_firmware
𝑥
< 2.16.1
dellmx840c_firmware
𝑥
< 2.16.1
dellc4140_firmware
𝑥
< 2.16.1
delldss8440_firmware
𝑥
< 2.16.1
dellt140_firmware
𝑥
< 2.11.1
dellt340_firmware
𝑥
< 2.11.1
dellr240_firmware
𝑥
< 2.11.1
dellr340_firmware
𝑥
< 2.11.1
dellxe2420_firmware
𝑥
< 2.16.0
dellxe7420_firmware
𝑥
< 2.16.1
dellxe7440_firmware
𝑥
< 2.16.1
dellr730_firmware
𝑥
< 2.16.0
dellr730xd_firmware
𝑥
< 2.16.0
dellr630_firmware
𝑥
< 2.16.0
dellc4130_firmware
𝑥
< 2.16.0
dellr930_firmware
𝑥
< 2.16.0
dellm630_firmware
𝑥
< 2.16.0
dellm630p_firmware
𝑥
< 2.16.0
dellfc630_firmware
𝑥
< 2.16.0
dellfc430_firmware
𝑥
< 2.16.0
dellm830_firmware
𝑥
< 2.16.0
dellm830p_firmware
𝑥
< 2.16.0
dellfc830_firmware
𝑥
< 2.16.0
dellt630_firmware
𝑥
< 2.16.0
dellr530_firmware
𝑥
< 2.16.0
dellr430_firmware
𝑥
< 2.16.0
dellt430_firmware
𝑥
< 2.16.0
dellr830_firmware
𝑥
< 1.16.0
dellc6320_firmware
𝑥
< 2.16.0
dellt130_firmware
𝑥
< 2.16.0
dellr230_firmware
𝑥
< 2.16.0
dellt330_firmware
𝑥
< 2.16.0
dellr330_firmware
𝑥
< 2.16.0
dellnx430_firmware
𝑥
< 2.16.0
dellnx3230_firmware
𝑥
< 2.16.0
dellnx3330_firmware
𝑥
< 2.16.0
dellnx440_firmware
𝑥
< 2.11.1
dellnx3240_firmware
𝑥
< 2.16.1
dellnx3340_firmware
𝑥
< 2.16.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability