Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2022-269: Dell Client Platform BIOS Security Update for Alienware Area-51 R4/R5

Summary: Dell Client Consumer and Commercial platform remediation is available for these vulnerabilities that could be exploited by malicious users to compromise the affected system(s).

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

Third-party Component CVE(s) More Information
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 
CVE-2019-0086 INTEL-SA-00213

 
CVE-2019-0091
CVE-2019-0093
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory



 
CVE-2019-0169 INTEL-SA-00241




 
CVE-2019-11147
CVE-2019-11104
CVE-2019-11090
CVE-2019-11087
CVE-2019-11101
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory CVE-2020-0536 INTEL-SA-00295


 
CVE-2020-0539
CVE-2020-0545
2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory CVE-2020-8745
INTEL-SA-00391



 
CVE-2020-8705
CVE-2020-12303
CVE-2020-12355
2020.2 IPU – BIOS Advisory



 
CVE-2020-0587 INTEL-SA-00358



 
CVE-2020-0591
CVE-2020-0592
CVE-2020-0593
Intel BIOS Platform Sample Code Advisory



 
CVE-2020-8738 INTEL-SA-00390



 
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
2021.1 IPU – Intel® CSME, SPS and LMS Advisory
 
CVE-2020-24507 INTEL-SA-00459

 
CVE-2020-8703
2021.1 IPU – BIOS Advisory


 
CVE-2020-12358 INTEL-SA-00463


 
CVE-2020-12360
CVE-2020-24486
Intel BSSA DFT Advisory CVE-2021-0144 INTEL-SA-00525
BIOS Reference Code Advisory CVE-2021-0157 INTEL-SA-00562
2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory CVE-2021-0127 Intel-SA-00532
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 
CVE-2019-0086 INTEL-SA-00213


 
CVE-2019-0091
CVE-2019-0093
 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34391 Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Third-party Component CVE(s) More Information
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 
CVE-2019-0086 INTEL-SA-00213

 
CVE-2019-0091
CVE-2019-0093
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory



 
CVE-2019-0169 INTEL-SA-00241




 
CVE-2019-11147
CVE-2019-11104
CVE-2019-11090
CVE-2019-11087
CVE-2019-11101
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory CVE-2020-0536 INTEL-SA-00295


 
CVE-2020-0539
CVE-2020-0545
2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory CVE-2020-8745
INTEL-SA-00391



 
CVE-2020-8705
CVE-2020-12303
CVE-2020-12355
2020.2 IPU – BIOS Advisory



 
CVE-2020-0587 INTEL-SA-00358



 
CVE-2020-0591
CVE-2020-0592
CVE-2020-0593
Intel BIOS Platform Sample Code Advisory



 
CVE-2020-8738 INTEL-SA-00390



 
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
2021.1 IPU – Intel® CSME, SPS and LMS Advisory
 
CVE-2020-24507 INTEL-SA-00459

 
CVE-2020-8703
2021.1 IPU – BIOS Advisory


 
CVE-2020-12358 INTEL-SA-00463


 
CVE-2020-12360
CVE-2020-24486
Intel BSSA DFT Advisory CVE-2021-0144 INTEL-SA-00525
BIOS Reference Code Advisory CVE-2021-0157 INTEL-SA-00562
2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory CVE-2021-0127 Intel-SA-00532
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 
CVE-2019-0086 INTEL-SA-00213


 
CVE-2019-0091
CVE-2019-0093
 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34391 Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
 
Product BIOS Update Version BIOS Release Date
Alienware Area-51 R4 2.0.6 08/30/2022
Alienware Area-51 R5 2.0.6 08/30/2022
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
 
Product BIOS Update Version BIOS Release Date
Alienware Area-51 R4 2.0.6 08/30/2022
Alienware Area-51 R5 2.0.6 08/30/2022
Dell Technologies would like to thank yngweijw for reporting CVE-2022-34390 and CVE-2022-34391.

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02022/09/30Initial Release

Related Information

Affected Products

Alienware Area-51 R4 and R5, Product Security Information
Article Properties
Article Number: 000203882
Article Type: Dell Security Advisory
Last Modified: 30 Sep 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.