Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000203882

DSA-2022-269: Dell Client Platform BIOS Security Update for Alienware Area-51 R4/R5

Summary: Dell Client Consumer and Commercial platform remediation is available for these vulnerabilities that could be exploited by malicious users to compromise the affected system(s).

Article Content

Impact

High

Details

Third-party Component CVE(s) More Information
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 		 CVE-2019-0086 INTEL-SA-00213

 
CVE-2019-0091
CVE-2019-0093
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory



 		 CVE-2019-0169 INTEL-SA-00241




 
CVE-2019-11147
CVE-2019-11104
CVE-2019-11090
CVE-2019-11087
CVE-2019-11101
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory CVE-2020-0536 INTEL-SA-00295


 
CVE-2020-0539
CVE-2020-0545
2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory CVE-2020-8745
INTEL-SA-00391



 
CVE-2020-8705
CVE-2020-12303
CVE-2020-12355
2020.2 IPU – BIOS Advisory



 		 CVE-2020-0587 INTEL-SA-00358



 
CVE-2020-0591
CVE-2020-0592
CVE-2020-0593
Intel BIOS Platform Sample Code Advisory



 		 CVE-2020-8738 INTEL-SA-00390



 
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
2021.1 IPU – Intel® CSME, SPS and LMS Advisory
 		 CVE-2020-24507 INTEL-SA-00459

 
CVE-2020-8703
2021.1 IPU – BIOS Advisory


 		 CVE-2020-12358 INTEL-SA-00463


 
CVE-2020-12360
CVE-2020-24486
Intel BSSA DFT Advisory CVE-2021-0144 INTEL-SA-00525
BIOS Reference Code Advisory CVE-2021-0157 INTEL-SA-00562
2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory CVE-2021-0127 Intel-SA-00532
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 		 CVE-2019-0086 INTEL-SA-00213


 
CVE-2019-0091
CVE-2019-0093
 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
7.5		 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34391 Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Third-party Component CVE(s) More Information
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 		 CVE-2019-0086 INTEL-SA-00213

 
CVE-2019-0091
CVE-2019-0093
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory



 		 CVE-2019-0169 INTEL-SA-00241




 
CVE-2019-11147
CVE-2019-11104
CVE-2019-11090
CVE-2019-11087
CVE-2019-11101
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory CVE-2020-0536 INTEL-SA-00295


 
CVE-2020-0539
CVE-2020-0545
2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory CVE-2020-8745
INTEL-SA-00391



 
CVE-2020-8705
CVE-2020-12303
CVE-2020-12355
2020.2 IPU – BIOS Advisory



 		 CVE-2020-0587 INTEL-SA-00358



 
CVE-2020-0591
CVE-2020-0592
CVE-2020-0593
Intel BIOS Platform Sample Code Advisory



 		 CVE-2020-8738 INTEL-SA-00390



 
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
2021.1 IPU – Intel® CSME, SPS and LMS Advisory
 		 CVE-2020-24507 INTEL-SA-00459

 
CVE-2020-8703
2021.1 IPU – BIOS Advisory


 		 CVE-2020-12358 INTEL-SA-00463


 
CVE-2020-12360
CVE-2020-24486
Intel BSSA DFT Advisory CVE-2021-0144 INTEL-SA-00525
BIOS Reference Code Advisory CVE-2021-0157 INTEL-SA-00562
2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory CVE-2021-0127 Intel-SA-00532
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

 		 CVE-2019-0086 INTEL-SA-00213


 
CVE-2019-0091
CVE-2019-0093
 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
7.5		 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-34391 Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
 
Product BIOS Update Version BIOS Release Date
Alienware Area-51 R4 2.0.6 08/30/2022
Alienware Area-51 R5 2.0.6 08/30/2022
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
 
Product BIOS Update Version BIOS Release Date
Alienware Area-51 R4 2.0.6 08/30/2022
Alienware Area-51 R5 2.0.6 08/30/2022
Dell Technologies would like to thank yngweijw for reporting CVE-2022-34390 and CVE-2022-34391.

Workarounds and Mitigations

None

Revision History

RevisionDateDescription
1.02022/09/30Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Alienware Area-51 R4 and R5, Product Security Information

Last Published Date

30 Sep 2022

Version

1

Article Type

Dell Security Advisory

Back to Top