DSA-2022-053: Dell Client Platform Security Update for Multiple SMM Vulnerabilities
Riepilogo: Dell Client Consumer and Commercial platform remediation is available for multiple SMM vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. ...
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
High
Dettagli
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24415 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24416 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24419 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24420 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24421 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.
Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24415 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24416 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24419 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24420 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-24421 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 8.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.
Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Prodotti interessati e correzione
| Product | BIOS Update Version | BIOS Release Date (MM/DD/YYYY) |
| Alienware 13 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R4 | 1.17.0 | 02/17/2022 |
| Alienware 17 R4 | 1.16.1 | 02/22/2022 |
| Alienware 17 R5 | 1.17.0 | 02/17/2022 |
| Alienware Area 51m R1 | 1.18.0 | 02/17/2022 |
| Alienware Area 51m R2 | 1.13.0 | 02/17/2022 |
| Alienware Aurora R8 | 1.0.20 | 02/21/2022 |
| Alienware m15 R2 | 1.12.0 | 02/17/2022 |
| Alienware m15 R3 | 1.14.0 | 02/17/2022 |
| Alienware m15 R4 | 1.8.0 | 02/17/2022 |
| Alienware m17 R2 | 1.12.0 | 02/17/2022 |
| Alienware m17 R3 | 1.14.0 | 02/17/2022 |
| Alienware m17 R4 | 1.8.0 | 02/17/2022 |
| Alienware x15 R1 | 1.7.0 | 02/21/2022 |
| Alienware x17 R1 | 1.7.0 | 02/21/2022 |
| Dell Edge Gateway 3000 Series | 1.7.0 | 02/17/2022 |
| Dell Edge Gateway 5000/5100 | 1.17.0 | 02/17/2022 |
| Dell Embedded Box PC 3000 | 1.13.0 | 02/22/2022 |
| Dell Embedded Box PC 5000 | 1.14.0 | 02/14/2022 |
| Inspiron 14 3473 | 1.14.0 | 02/17/2022 |
| Inspiron 15 3573 | 1.14.0 | 02/17/2022 |
| Inspiron 15 5566 | 1.18.0 | 02/21/2022 |
| Inspiron 3277 | 1.19.0 | 02/21/2022 |
| Inspiron 3465 | 1.12.0 | 02/25/2022 |
| Inspiron 3477 | 1.19.0 | 02/21/2022 |
| Inspiron 3482 | 1.13.0 | 02/17/2022 |
| Inspiron 3502 | 1.7.0 | 02/17/2022 |
| Inspiron 3510 | 1.6.0 | 02/17/2022 |
| Inspiron 3565 | 1.12.0 | 02/25/2022 |
| Inspiron 3582 | 1.13.0 | 02/17/2022 |
| Inspiron 3782 | 1.13.0 | 02/17/2022 |
| Latitude 3379 | 1.0.34 | 02/22/2022 |
| Vostro 14 5468 | 1.19.0 | 02/22/2022 |
| Vostro 15 5568 | 1.19.0 | 02/22/2022 |
| Vostro 3267 | 1.20.0 | 02/15/2022 |
| Vostro 3268 | 1.20.0 | 02/15/2022 |
| Vostro 3572 | 1.14.0 | 02/17/2022 |
| Vostro 3582 | 1.13.0 | 02/17/2022 |
| Vostro 3660 | 1.20.0 | 02/15/2022 |
| Vostro 3667 | 1.20.0 | 02/15/2022 |
| Vostro 3668 | 1.20.0 | 02/15/2022 |
| Vostro 3669 | 1.20.0 | 02/15/2022 |
| Wyse 7040 Thin Client | 1.15.0 | 02/16/2022 |
| XPS 8930 | 1.1.21 | 02/21/2022 |
| Product | BIOS Update Version | BIOS Release Date (MM/DD/YYYY) |
| Alienware 13 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R3 | 1.16.1 | 02/22/2022 |
| Alienware 15 R4 | 1.17.0 | 02/17/2022 |
| Alienware 17 R4 | 1.16.1 | 02/22/2022 |
| Alienware 17 R5 | 1.17.0 | 02/17/2022 |
| Alienware Area 51m R1 | 1.18.0 | 02/17/2022 |
| Alienware Area 51m R2 | 1.13.0 | 02/17/2022 |
| Alienware Aurora R8 | 1.0.20 | 02/21/2022 |
| Alienware m15 R2 | 1.12.0 | 02/17/2022 |
| Alienware m15 R3 | 1.14.0 | 02/17/2022 |
| Alienware m15 R4 | 1.8.0 | 02/17/2022 |
| Alienware m17 R2 | 1.12.0 | 02/17/2022 |
| Alienware m17 R3 | 1.14.0 | 02/17/2022 |
| Alienware m17 R4 | 1.8.0 | 02/17/2022 |
| Alienware x15 R1 | 1.7.0 | 02/21/2022 |
| Alienware x17 R1 | 1.7.0 | 02/21/2022 |
| Dell Edge Gateway 3000 Series | 1.7.0 | 02/17/2022 |
| Dell Edge Gateway 5000/5100 | 1.17.0 | 02/17/2022 |
| Dell Embedded Box PC 3000 | 1.13.0 | 02/22/2022 |
| Dell Embedded Box PC 5000 | 1.14.0 | 02/14/2022 |
| Inspiron 14 3473 | 1.14.0 | 02/17/2022 |
| Inspiron 15 3573 | 1.14.0 | 02/17/2022 |
| Inspiron 15 5566 | 1.18.0 | 02/21/2022 |
| Inspiron 3277 | 1.19.0 | 02/21/2022 |
| Inspiron 3465 | 1.12.0 | 02/25/2022 |
| Inspiron 3477 | 1.19.0 | 02/21/2022 |
| Inspiron 3482 | 1.13.0 | 02/17/2022 |
| Inspiron 3502 | 1.7.0 | 02/17/2022 |
| Inspiron 3510 | 1.6.0 | 02/17/2022 |
| Inspiron 3565 | 1.12.0 | 02/25/2022 |
| Inspiron 3582 | 1.13.0 | 02/17/2022 |
| Inspiron 3782 | 1.13.0 | 02/17/2022 |
| Latitude 3379 | 1.0.34 | 02/22/2022 |
| Vostro 14 5468 | 1.19.0 | 02/22/2022 |
| Vostro 15 5568 | 1.19.0 | 02/22/2022 |
| Vostro 3267 | 1.20.0 | 02/15/2022 |
| Vostro 3268 | 1.20.0 | 02/15/2022 |
| Vostro 3572 | 1.14.0 | 02/17/2022 |
| Vostro 3582 | 1.13.0 | 02/17/2022 |
| Vostro 3660 | 1.20.0 | 02/15/2022 |
| Vostro 3667 | 1.20.0 | 02/15/2022 |
| Vostro 3668 | 1.20.0 | 02/15/2022 |
| Vostro 3669 | 1.20.0 | 02/15/2022 |
| Wyse 7040 Thin Client | 1.15.0 | 02/16/2022 |
| XPS 8930 | 1.1.21 | 02/21/2022 |
Cronologia delle revisioni
| Revision | Date | Description |
| 1.0 | 2022/03/10 | Initial Release |
Ringraziamenti
Dell would like to thank JiaWei Yin (yngweijw) for reporting CVE-2022-24415 and CVE-2022-24416 and Binarly efiXplorer Team for reporting CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421.
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
Product Security InformationProprietà dell'articolo
Numero articolo: 000197057
Tipo di articolo: Dell Security Advisory
Ultima modifica: 18 set 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.