8.2
HIGH
CVE-2022-24420
Dell BIOS SMM Code Execution Vulnerability
Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

INFO

Published Date: March 11, 2022, 10:15 p.m.
Last Modified: June 30, 2023, 6:41 p.m.
Remotely Exploitable: No
Impact Score: 6.0
Exploitability Score: 1.5

Affected Products

The following products are affected by the CVE-2022-24420 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Dell cpg_bios
2 Dell edge_gateway_3000_firmware
3 Dell edge_gateway_5000_firmware
4 Dell embedded_box_pc_3000_firmware
5 Dell alienware_area_51m_r1_firmware
6 Dell alienware_area_51m_r2_firmware
7 Dell alienware_m15_r2_firmware
8 Dell alienware_m15_r3_firmware
9 Dell alienware_m15_r4_firmware
10 Dell alienware_m17_r2_firmware
11 Dell alienware_m17_r3_firmware
12 Dell alienware_m17_r4_firmware
13 Dell alienware_x15_r1_firmware
14 Dell alienware_x17_r1_firmware
15 Dell embedded_box_pc_5000_firmware
16 Dell inspiron_3482_firmware
17 Dell inspiron_3502_firmware
18 Dell inspiron_3510_firmware
19 Dell inspiron_3582_firmware
20 Dell inspiron_3782_firmware
21 Dell vostro_3267_firmware
22 Dell vostro_3268_firmware
23 Dell vostro_3582_firmware
24 Dell vostro_3667_firmware
25 Dell vostro_3668_firmware
26 Dell vostro_3669_firmware
27 Dell wyse_7040_thin_client_firmware
28 Dell latitude_3379_firmware
29 Dell vostro_3660_firmware
30 Dell alienware_13_r3_firmware
31 Dell alienware_15_r3_firmware
32 Dell alienware_15_r4_firmware
33 Dell alienware_17_r4_firmware
34 Dell alienware_17_r5_firmware
35 Dell alienware_aurora_r8_firmware
36 Dell inspiron_15_5566_firmware
37 Dell inspiron_3277_firmware
38 Dell inspiron_3477_firmware
39 Dell vostro_14_5468_firmware
40 Dell vostro_15_5568_firmware
41 Dell xps_8930_firmware
42 Dell inspiron_14_3473_firmware
43 Dell inspiron_15_3573_firmware
44 Dell edge_gateway_5100_firmware
45 Dell inspiron_3465_firmware
46 Dell inspiron_3565_firmware
47 Dell vostro_3572_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-24420.

URL Resource
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory

The following table lists the changes that have been made to the CVE-2022-24420 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Jun. 30, 2023

    Action Type Old Value New Value
    Removed CWE NIST CWE-20
    Added CWE NIST CWE-119
  • Initial Analysis by [email protected]

    Mar. 18, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 No Types Assigned https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory
    Added CWE NIST CWE-20
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18.0 OR cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.20 OR cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18.0 OR cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3465_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:inspiron_3465:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3477_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_3477:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3482_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3482:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3510_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.0 OR cpe:2.3:h:dell:inspiron_3510:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3565_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:inspiron_3565:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3582_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3582:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3782_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3782:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:latitude_3379_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.34 OR cpe:2.3:h:dell:latitude_3379:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_14_5468_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_14_5468:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_15_5568_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_15_5568:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3267_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3267:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3268_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3268:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3572_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:vostro_3572:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3582_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:vostro_3582:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3660_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3660:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3667_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3667:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3668_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3668:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3669_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3669:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:xps_8930_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.21 OR cpe:2.3:h:dell:xps_8930:-:*:*:*:*:*:*:*
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.05635

percentile
