CVE-2022-34423 - Vulnerability Details

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

PowerEdge Platform

unaffected

Version	Status	Constraints
`14G,15G`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dell:r6515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6515:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:r7515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7515:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:r6525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6525:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:r7525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7525:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:xe8545_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe8545:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:c6525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6525:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:r6415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6415:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:r7415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7415:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:r7425_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7425:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:r750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:r750xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750xa:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:r650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r650:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:c6520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6520:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:mx750c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx750c:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:r450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r450:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:r550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r550:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:r650xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r650xs:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:r750xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750xs:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:t550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t550:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:xr11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr11:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:xr12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr12:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:r250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r250:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:r350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r350:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:t150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t150:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:t350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t350:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:r740_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:r740xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740xd:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:r640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r640:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:r940_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r940:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:r540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r540:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:r440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r440:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:dell:t440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t440:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:dell:xr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr2:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:dell:r740xd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740xd2:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:dell:r840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r840:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:dell:r940xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r940xa:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:dell:t640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t640:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:dell:c6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6420:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:dell:fc640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc640:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:dell:m640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m640:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:dell:m640p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m640p:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:dell:mx740c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx740c:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:dell:mx840c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx840c:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:dell:c4140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c4140:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:dell:dss8440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:dss8440:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:dell:t140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t140:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:dell:t340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t340:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:dell:r240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r240:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:dell:r340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r340:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:dell:xe2420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe2420:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:dell:xe7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe7420:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:dell:xe7440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe7440:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:dell:r730_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:dell:r730xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730xd:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:dell:r630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r630:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:dell:c4130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c4130:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:dell:r930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r930:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:dell:m630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:dell:m630p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630p:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:dell:fc630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc630:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:dell:fc430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc430:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:dell:m830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:dell:m830p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830p:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:dell:fc830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc830:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:dell:t630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t630:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:dell:r530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r530:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:dell:r430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r430:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:dell:t430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t430:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:dell:r830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r830:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:dell:c6320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6320:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:dell:t130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t130:-:*:*:*:*:*:*:*

Configuration 72 [-]

AND

cpe:2.3:o:dell:r230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r230:-:*:*:*:*:*:*:*

Configuration 73 [-]

AND

cpe:2.3:o:dell:t330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t330:-:*:*:*:*:*:*:*

Configuration 74 [-]

AND

cpe:2.3:o:dell:r330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r330:-:*:*:*:*:*:*:*

Configuration 75 [-]

AND

cpe:2.3:o:dell:nx430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx430:-:*:*:*:*:*:*:*

Configuration 76 [-]

AND

cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*

Configuration 77 [-]

AND

cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*

Configuration 78 [-]

AND

cpe:2.3:o:dell:nx440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx440:-:*:*:*:*:*:*:*

Configuration 79 [-]

AND

cpe:2.3:o:dell:nx3240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3240:-:*:*:*:*:*:*:*

Configuration 80 [-]

AND

cpe:2.3:o:dell:nx3340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3340:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dell Subscribe	C4130 Subscribe C4130 Firmware Subscribe C4140 Subscribe C4140 Firmware Subscribe C6320 Subscribe C6320 Firmware Subscribe C6420 Subscribe C6420 Firmware Subscribe C6520 Subscribe C6520 Firmware Subscribe C6525 Subscribe C6525 Firmware Subscribe Dss8440 Subscribe Dss8440 Firmware Subscribe Fc430 Subscribe Fc430 Firmware Subscribe Fc630 Subscribe Fc630 Firmware Subscribe Fc640 Subscribe Fc640 Firmware Subscribe Fc830 Subscribe Fc830 Firmware Subscribe M630 Subscribe M630 Firmware Subscribe M630p Subscribe M630p Firmware Subscribe M640 Subscribe M640 Firmware Subscribe M640p Subscribe M640p Firmware Subscribe M830 Subscribe M830 Firmware Subscribe M830p Subscribe M830p Firmware Subscribe Mx740c Subscribe Mx740c Firmware Subscribe Mx750c Subscribe Mx750c Firmware Subscribe Mx840c Subscribe Mx840c Firmware Subscribe Nx3230 Subscribe Nx3230 Firmware Subscribe Nx3240 Subscribe Nx3240 Firmware Subscribe Nx3330 Subscribe Nx3330 Firmware Subscribe Nx3340 Subscribe Nx3340 Firmware Subscribe Nx430 Subscribe Nx430 Firmware Subscribe Nx440 Subscribe Nx440 Firmware Subscribe R230 Subscribe R230 Firmware Subscribe R240 Subscribe R240 Firmware Subscribe R250 Subscribe R250 Firmware Subscribe R330 Subscribe R330 Firmware Subscribe R340 Subscribe R340 Firmware Subscribe R350 Subscribe R350 Firmware Subscribe R430 Subscribe R430 Firmware Subscribe R440 Subscribe R440 Firmware Subscribe R450 Subscribe R450 Firmware Subscribe R530 Subscribe R530 Firmware Subscribe R540 Subscribe R540 Firmware Subscribe R550 Subscribe R550 Firmware Subscribe R630 Subscribe R630 Firmware Subscribe R640 Subscribe R640 Firmware Subscribe R6415 Subscribe R6415 Firmware Subscribe R650 Subscribe R650 Firmware Subscribe R650xs Subscribe R650xs Firmware Subscribe R6515 Subscribe R6515 Firmware Subscribe R6525 Subscribe R6525 Firmware Subscribe R730 Subscribe R730 Firmware Subscribe R730xd Subscribe R730xd Firmware Subscribe R740 Subscribe R740 Firmware Subscribe R740xd Subscribe R740xd2 Subscribe R740xd2 Firmware Subscribe R740xd Firmware Subscribe R7415 Subscribe R7415 Firmware Subscribe R7425 Subscribe R7425 Firmware Subscribe R750 Subscribe R750 Firmware Subscribe R750xa Subscribe R750xa Firmware Subscribe R750xs Subscribe R750xs Firmware Subscribe R7515 Subscribe R7515 Firmware Subscribe R7525 Subscribe R7525 Firmware Subscribe R830 Subscribe R830 Firmware Subscribe R840 Subscribe R840 Firmware Subscribe R930 Subscribe R930 Firmware Subscribe R940 Subscribe R940 Firmware Subscribe R940xa Subscribe R940xa Firmware Subscribe T130 Subscribe T130 Firmware Subscribe T140 Subscribe T140 Firmware Subscribe T150 Subscribe T150 Firmware Subscribe T330 Subscribe T330 Firmware Subscribe T340 Subscribe T340 Firmware Subscribe T350 Subscribe T350 Firmware Subscribe T430 Subscribe T430 Firmware Subscribe T440 Subscribe T440 Firmware Subscribe T550 Subscribe T550 Firmware Subscribe T630 Subscribe T630 Firmware Subscribe T640 Subscribe T640 Firmware Subscribe Xe2420 Subscribe Xe2420 Firmware Subscribe Xe7420 Subscribe Xe7420 Firmware Subscribe Xe7440 Subscribe Xe7440 Firmware Subscribe Xe8545 Subscribe Xe8545 Firmware Subscribe Xr11 Subscribe Xr11 Firmware Subscribe Xr12 Subscribe Xr12 Firmware Subscribe Xr2 Subscribe Xr2 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-37378	Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-03-16T12:21:18.567Z

Updated: 2025-02-26T15:24:44.475Z

Reserved: 2022-06-23T18:55:17.113Z

Link: CVE-2022-34423

Vulnrichment

Updated: 2024-08-03T09:07:16.144Z

NVD

Status : Modified

Published: 2023-03-16T13:15:10.137

Modified: 2024-11-21T07:09:31.843

Link: CVE-2022-34423

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object