CVE-2022-34421

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
dellCNA
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
dellr6515_firmware
𝑥
< 2.9.3
dellr7515_firmware
𝑥
< 2.9.3
dellr6525_firmware
𝑥
< 2.9.3
dellr7525_firmware
𝑥
< 2.9.3
dellxe8545_firmware
𝑥
< 2.9.4
dellc6525_firmware
*
dellr6415_firmware
𝑥
< 1.19.0
dellr7415_firmware
𝑥
< 1.19.0
dellr7425_firmware
𝑥
< 1.19.0
dellr750_firmware
𝑥
< 1.8.2
dellr750xa_firmware
𝑥
< 1.8.2
dellr650_firmware
𝑥
< 1.8.2
dellc6520_firmware
𝑥
< 1.8.2
dellmx750c_firmware
𝑥
< 1.8.2
dellr450_firmware
𝑥
< 1.8.2
dellr550_firmware
𝑥
< 1.8.2
dellr650xs_firmware
𝑥
< 1.8.2
dellr750xs_firmware
𝑥
< 1.8.2
dellt550_firmware
𝑥
< 1.8.2
dellxr11_firmware
𝑥
< 1.8.2
dellxr12_firmware
𝑥
< 1.8.2
dellr250_firmware
𝑥
< 1.4.2
dellr350_firmware
𝑥
< 1.4.2
dellt150_firmware
𝑥
< 1.4.2
dellt350_firmware
𝑥
< 1.4.2
dellr740_firmware
𝑥
< 2.16.1
dellr740xd_firmware
𝑥
< 2.16.1
dellr640_firmware
𝑥
< 2.16.1
dellr940_firmware
𝑥
< 2.16.1
dellr540_firmware
𝑥
< 2.16.1
dellr440_firmware
𝑥
< 2.16.1
dellt440_firmware
𝑥
< 2.16.1
dellxr2_firmware
𝑥
< 2.16.1
dellr740xd2_firmware
𝑥
< 2.16.1
dellr840_firmware
𝑥
< 2.16.1
dellr940xa_firmware
𝑥
< 2.16.1
dellt640_firmware
𝑥
< 2.16.1
dellc6420_firmware
𝑥
< 2.16.1
dellfc640_firmware
𝑥
< 2.16.1
dellm640_firmware
𝑥
< 2.16.1
dellm640p_firmware
𝑥
< 2.16.1
dellmx740c_firmware
𝑥
< 2.16.1
dellmx840c_firmware
𝑥
< 2.16.1
dellc4140_firmware
𝑥
< 2.16.1
delldss8440_firmware
𝑥
< 2.16.1
dellt140_firmware
𝑥
< 2.11.1
dellt340_firmware
𝑥
< 2.11.1
dellr240_firmware
𝑥
< 2.11.1
dellr340_firmware
𝑥
< 2.11.1
dellxe2420_firmware
𝑥
< 2.16.0
dellxe7420_firmware
𝑥
< 2.16.1
dellxe7440_firmware
𝑥
< 2.16.1
dellr730_firmware
𝑥
< 2.16.0
dellr730xd_firmware
𝑥
< 2.16.0
dellr630_firmware
𝑥
< 2.16.0
dellc4130_firmware
𝑥
< 2.16.0
dellr930_firmware
𝑥
< 2.16.0
dellm630_firmware
𝑥
< 2.16.0
dellm630p_firmware
𝑥
< 2.16.0
dellfc630_firmware
𝑥
< 2.16.0
dellfc430_firmware
𝑥
< 2.16.0
dellm830_firmware
𝑥
< 2.16.0
dellm830p_firmware
𝑥
< 2.16.0
dellfc830_firmware
𝑥
< 2.16.0
dellt630_firmware
𝑥
< 2.16.0
dellr530_firmware
𝑥
< 2.16.0
dellr430_firmware
𝑥
< 2.16.0
dellt430_firmware
𝑥
< 2.16.0
dellr830_firmware
𝑥
< 1.16.0
dellc6320_firmware
𝑥
< 2.16.0
dellt130_firmware
𝑥
< 2.16.0
dellr230_firmware
𝑥
< 2.16.0
dellt330_firmware
𝑥
< 2.16.0
dellr330_firmware
𝑥
< 2.16.0
dellnx430_firmware
𝑥
< 2.16.0
dellnx3230_firmware
𝑥
< 2.16.0
dellnx3330_firmware
𝑥
< 2.16.0
dellnx440_firmware
𝑥
< 2.11.1
dellnx3240_firmware
𝑥
< 2.16.1
dellnx3340_firmware
𝑥
< 2.16.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability