CVE-2022-24420 - OpenCVE

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Alienware 13 R3 Alienware 13 R3 Firmware Alienware 15 R3 Alienware 15 R3 Firmware Alienware 15 R4 Alienware 15 R4 Firmware Alienware 17 R4 Alienware 17 R4 Firmware Alienware 17 R5 Alienware 17 R5 Firmware Alienware Area 51m R1 Alienware Area 51m R1 Firmware Alienware Area 51m R2 Alienware Area 51m R2 Firmware Alienware Aurora R8 Alienware Aurora R8 Firmware Alienware M15 R2 Alienware M15 R2 Firmware Alienware M15 R3 Alienware M15 R3 Firmware Alienware M15 R4 Alienware M15 R4 Firmware Alienware M17 R2 Alienware M17 R2 Firmware Alienware M17 R3 Alienware M17 R3 Firmware Alienware M17 R4 Alienware M17 R4 Firmware Alienware X15 R1 Alienware X15 R1 Firmware Alienware X17 R1 Alienware X17 R1 Firmware Edge Gateway 3000 Edge Gateway 3000 Firmware Edge Gateway 5000 Edge Gateway 5000 Firmware Edge Gateway 5100 Edge Gateway 5100 Firmware Embedded Box Pc 3000 Embedded Box Pc 3000 Firmware Embedded Box Pc 5000 Embedded Box Pc 5000 Firmware Inspiron 14 3473 Inspiron 14 3473 Firmware Inspiron 15 3573 Inspiron 15 3573 Firmware Inspiron 15 5566 Inspiron 15 5566 Firmware Inspiron 3277 Inspiron 3277 Firmware Inspiron 3465 Inspiron 3465 Firmware Inspiron 3477 Inspiron 3477 Firmware Inspiron 3482 Inspiron 3482 Firmware Inspiron 3502 Inspiron 3502 Firmware Inspiron 3510 Inspiron 3510 Firmware Inspiron 3565 Inspiron 3565 Firmware Inspiron 3582 Inspiron 3582 Firmware Inspiron 3782 Inspiron 3782 Firmware Latitude 3379 Latitude 3379 Firmware Vostro 14 5468 Vostro 14 5468 Firmware Vostro 15 5568 Vostro 15 5568 Firmware Vostro 3267 Vostro 3267 Firmware Vostro 3268 Vostro 3268 Firmware Vostro 3572 Vostro 3572 Firmware Vostro 3582 Vostro 3582 Firmware Vostro 3660 Vostro 3660 Firmware Vostro 3667 Vostro 3667 Firmware Vostro 3668 Vostro 3668 Firmware Vostro 3669 Vostro 3669 Firmware Wyse 7040 Thin Client Wyse 7040 Thin Client Firmware Xps 8930 Xps 8930 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:inspiron_3465_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3465:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:inspiron_3477_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3477:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:inspiron_3482_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3482:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:inspiron_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3510:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:inspiron_3565_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3565:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:dell:inspiron_3582_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3582:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:dell:inspiron_3782_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3782:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:dell:latitude_3379_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3379:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:dell:vostro_14_5468_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_14_5468:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:dell:vostro_15_5568_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_15_5568:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:dell:vostro_3267_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3267:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:dell:vostro_3268_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3268:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:dell:vostro_3572_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3572:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:dell:vostro_3582_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3582:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:dell:vostro_3660_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3660:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:dell:vostro_3667_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3667:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:dell:vostro_3668_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3668:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:dell:vostro_3669_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3669:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:dell:xps_8930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8930:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2022-03-11T21:45:19.523909Z

Updated: 2024-09-17T00:30:49.605Z

Reserved: 2022-02-04T00:00:00

Link: CVE-2022-24420

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-11T22:15:13.547

Modified: 2023-06-30T18:41:12.827

Link: CVE-2022-24420

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object