DSA-2022-053: Dell Client Platform Security Update for Multiple SMM Vulnerabilities
Summary: Dell Client Consumer and Commercial platform remediation is available for multiple SMM vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24415 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24416 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24419 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24420 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24421 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.
Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24415 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24416 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24419 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24420 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24421 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.
Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Affected Products & Remediation
| Product | BIOS Update Version | BIOS Release Date (MM/DD/YYYY) |
| Alienware 13 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R4 | 1.17.0 | 02/17/2022 |
| Alienware 17 R4 | 1.16.1 | 02/22/2022 |
| Alienware 17 R5 | 1.17.0 | 02/17/2022 |
| Alienware Area 51m R1 | 1.18.0 | 02/17/2022 |
| Alienware Area 51m R2 | 1.13.0 | 02/17/2022 |
| Alienware Aurora R8 | 1.0.20 | 02/21/2022 |
| Alienware m15 R2 | 1.12.0 | 02/17/2022 |
| Alienware m15 R3 | 1.14.0 | 02/17/2022 |
| Alienware m15 R4 | 1.8.0 | 02/17/2022 |
| Alienware m17 R2 | 1.12.0 | 02/17/2022 |
| Alienware m17 R3 | 1.14.0 | 02/17/2022 |
| Alienware m17 R4 | 1.8.0 | 02/17/2022 |
| Alienware x15 R1 | 1.7.0 | 02/21/2022 |
| Alienware x17 R1 | 1.7.0 | 02/21/2022 |
| Dell Edge Gateway 3000 Series | 1.7.0 | 02/17/2022 |
| Dell Edge Gateway 5000/5100 | 1.17.0 | 02/17/2022 |
| Dell Embedded Box PC 3000 | 1.13.0 | 02/22/2022 |
| Dell Embedded Box PC 5000 | 1.14.0 | 02/14/2022 |
| Inspiron 14 3473 | 1.14.0 | 02/17/2022 |
| Inspiron 15 3573 | 1.14.0 | 02/17/2022 |
| Inspiron 15 5566 | 1.18.0 | 02/21/2022 |
| Inspiron 3277 | 1.19.0 | 02/21/2022 |
| Inspiron 3465 | 1.12.0 | 02/25/2022 |
| Inspiron 3477 | 1.19.0 | 02/21/2022 |
| Inspiron 3482 | 1.13.0 | 02/17/2022 |
| Inspiron 3502 | 1.7.0 | 02/17/2022 |
| Inspiron 3510 | 1.6.0 | 02/17/2022 |
| Inspiron 3565 | 1.12.0 | 02/25/2022 |
| Inspiron 3582 | 1.13.0 | 02/17/2022 |
| Inspiron 3782 | 1.13.0 | 02/17/2022 |
| Latitude 3379 | 1.0.34 | 02/22/2022 |
| Vostro 14 5468 | 1.19.0 | 02/22/2022 |
| Vostro 15 5568 | 1.19.0 | 02/22/2022 |
| Vostro 3267 | 1.20.0 | 02/15/2022 |
| Vostro 3268 | 1.20.0 | 02/15/2022 |
| Vostro 3572 | 1.14.0 | 02/17/2022 |
| Vostro 3582 | 1.13.0 | 02/17/2022 |
| Vostro 3660 | 1.20.0 | 02/15/2022 |
| Vostro 3667 | 1.20.0 | 02/15/2022 |
| Vostro 3668 | 1.20.0 | 02/15/2022 |
| Vostro 3669 | 1.20.0 | 02/15/2022 |
| Wyse 7040 Thin Client | 1.15.0 | 02/16/2022 |
| XPS 8930 | 1.1.21 | 02/21/2022 |
| Product | BIOS Update Version | BIOS Release Date (MM/DD/YYYY) |
| Alienware 13 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R4 | 1.17.0 | 02/17/2022 |
| Alienware 17 R4 | 1.16.1 | 02/22/2022 |
| Alienware 17 R5 | 1.17.0 | 02/17/2022 |
| Alienware Area 51m R1 | 1.18.0 | 02/17/2022 |
| Alienware Area 51m R2 | 1.13.0 | 02/17/2022 |
| Alienware Aurora R8 | 1.0.20 | 02/21/2022 |
| Alienware m15 R2 | 1.12.0 | 02/17/2022 |
| Alienware m15 R3 | 1.14.0 | 02/17/2022 |
| Alienware m15 R4 | 1.8.0 | 02/17/2022 |
| Alienware m17 R2 | 1.12.0 | 02/17/2022 |
| Alienware m17 R3 | 1.14.0 | 02/17/2022 |
| Alienware m17 R4 | 1.8.0 | 02/17/2022 |
| Alienware x15 R1 | 1.7.0 | 02/21/2022 |
| Alienware x17 R1 | 1.7.0 | 02/21/2022 |
| Dell Edge Gateway 3000 Series | 1.7.0 | 02/17/2022 |
| Dell Edge Gateway 5000/5100 | 1.17.0 | 02/17/2022 |
| Dell Embedded Box PC 3000 | 1.13.0 | 02/22/2022 |
| Dell Embedded Box PC 5000 | 1.14.0 | 02/14/2022 |
| Inspiron 14 3473 | 1.14.0 | 02/17/2022 |
| Inspiron 15 3573 | 1.14.0 | 02/17/2022 |
| Inspiron 15 5566 | 1.18.0 | 02/21/2022 |
| Inspiron 3277 | 1.19.0 | 02/21/2022 |
| Inspiron 3465 | 1.12.0 | 02/25/2022 |
| Inspiron 3477 | 1.19.0 | 02/21/2022 |
| Inspiron 3482 | 1.13.0 | 02/17/2022 |
| Inspiron 3502 | 1.7.0 | 02/17/2022 |
| Inspiron 3510 | 1.6.0 | 02/17/2022 |
| Inspiron 3565 | 1.12.0 | 02/25/2022 |
| Inspiron 3582 | 1.13.0 | 02/17/2022 |
| Inspiron 3782 | 1.13.0 | 02/17/2022 |
| Latitude 3379 | 1.0.34 | 02/22/2022 |
| Vostro 14 5468 | 1.19.0 | 02/22/2022 |
| Vostro 15 5568 | 1.19.0 | 02/22/2022 |
| Vostro 3267 | 1.20.0 | 02/15/2022 |
| Vostro 3268 | 1.20.0 | 02/15/2022 |
| Vostro 3572 | 1.14.0 | 02/17/2022 |
| Vostro 3582 | 1.13.0 | 02/17/2022 |
| Vostro 3660 | 1.20.0 | 02/15/2022 |
| Vostro 3667 | 1.20.0 | 02/15/2022 |
| Vostro 3668 | 1.20.0 | 02/15/2022 |
| Vostro 3669 | 1.20.0 | 02/15/2022 |
| Wyse 7040 Thin Client | 1.15.0 | 02/16/2022 |
| XPS 8930 | 1.1.21 | 02/21/2022 |
Revision History
| Revision | Date | Description |
| 1.0 | 2022/03/10 | Initial Release |
Acknowledgements
Dell would like to thank JiaWei Yin (yngweijw) for reporting CVE-2022-24415 and CVE-2022-24416 and Binarly efiXplorer Team for reporting CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421.
Related Information
Legal Disclaimer
Affected Products
Product Security InformationArticle Properties
Article Number: 000197057
Article Type: Dell Security Advisory
Last Modified: 18 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.