8.2
HIGH
CVE-2022-24421
"Dell BIOS SMM Code Execution Vulnerability"
Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

INFO

Published Date: March 11, 2022, 10:15 p.m.
Last Modified: Nov. 21, 2024, 6:50 a.m.
Remotely Exploitable: No
Impact Score: 6.0
Exploitability Score: 1.5

Affected Products

The following products are affected by the CVE-2022-24421 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not shown in the table below.

ID Vendor Product
1 Dell cpg_bios
2 Dell edge_gateway_3000_firmware
3 Dell edge_gateway_5000_firmware
4 Dell embedded_box_pc_3000_firmware
5 Dell alienware_area_51m_r1_firmware
6 Dell alienware_area_51m_r2_firmware
7 Dell alienware_m15_r2_firmware
8 Dell alienware_m15_r3_firmware
9 Dell alienware_m15_r4_firmware
10 Dell alienware_m17_r2_firmware
11 Dell alienware_m17_r3_firmware
12 Dell alienware_m17_r4_firmware
13 Dell alienware_x15_r1_firmware
14 Dell alienware_x17_r1_firmware
15 Dell embedded_box_pc_5000_firmware
16 Dell inspiron_3482_firmware
17 Dell inspiron_3502_firmware
18 Dell inspiron_3510_firmware
19 Dell inspiron_3582_firmware
20 Dell inspiron_3782_firmware
21 Dell vostro_3267_firmware
22 Dell vostro_3268_firmware
23 Dell vostro_3582_firmware
24 Dell vostro_3667_firmware
25 Dell vostro_3668_firmware
26 Dell vostro_3669_firmware
27 Dell wyse_7040_thin_client_firmware
28 Dell latitude_3379_firmware
29 Dell vostro_3660_firmware
30 Dell alienware_13_r3_firmware
31 Dell alienware_15_r3_firmware
32 Dell alienware_15_r4_firmware
33 Dell alienware_17_r4_firmware
34 Dell alienware_17_r5_firmware
35 Dell alienware_aurora_r8_firmware
36 Dell inspiron_15_5566_firmware
37 Dell inspiron_3277_firmware
38 Dell inspiron_3477_firmware
39 Dell vostro_14_5468_firmware
40 Dell vostro_15_5568_firmware
41 Dell xps_8930_firmware
42 Dell inspiron_14_3473_firmware
43 Dell inspiron_15_3573_firmware
44 Dell edge_gateway_5100_firmware
45 Dell inspiron_3465_firmware
46 Dell inspiron_3565_firmware
47 Dell vostro_3572_firmware
48 Dell edge_gateway_5000
49 Dell edge_gateway_3000
50 Dell embedded_box_pc_3000
51 Dell embedded_box_pc_5000
52 Dell wyse_7040_thin_client
53 Dell alienware_area_51m_r2
54 Dell alienware_m15_r3
55 Dell alienware_m15_r4
56 Dell alienware_m17_r3
57 Dell alienware_m17_r4
58 Dell alienware_x15_r1
59 Dell alienware_x17_r1
60 Dell inspiron_3502
61 Dell edge_gateway_5100
62 Dell latitude_3379
63 Dell vostro_3267
64 Dell vostro_3268
65 Dell vostro_3660
66 Dell vostro_3667
67 Dell vostro_3668
68 Dell vostro_3669
69 Dell inspiron_14_3473
70 Dell inspiron_15_5566
71 Dell vostro_14_5468
72 Dell vostro_15_5568
73 Dell alienware_13_r3
74 Dell alienware_15_r3
75 Dell alienware_15_r4
76 Dell alienware_17_r4
77 Dell alienware_17_r5
78 Dell alienware_area_51m_r1
79 Dell alienware_aurora_r8
80 Dell alienware_m15_r2
81 Dell alienware_m17_r2
82 Dell inspiron_3277
83 Dell inspiron_3477
84 Dell xps_8930
85 Dell inspiron_15_3573
86 Dell inspiron_3482
87 Dell inspiron_3510
88 Dell inspiron_3582
89 Dell inspiron_3782
90 Dell inspiron_3465
91 Dell inspiron_3565
92 Dell vostro_3572
93 Dell vostro_3582
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-24421.

URL Resource
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory

The following table lists the changes that have been made to the CVE-2022-24421 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Jun. 30, 2023

    Action Type Old Value New Value
    Removed CWE NIST CWE-20
    Added CWE NIST CWE-119
  • Initial Analysis by [email protected]

    Mar. 18, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 No Types Assigned https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory
    Added CWE NIST CWE-20
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18.0 OR cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.20 OR cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18.0 OR cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3465_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:inspiron_3465:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3477_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_3477:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3482_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3482:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.0 OR cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3510_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.0 OR cpe:2.3:h:dell:inspiron_3510:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3565_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:inspiron_3565:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3582_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3582:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3782_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3782:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:latitude_3379_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.34 OR cpe:2.3:h:dell:latitude_3379:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_14_5468_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_14_5468:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_15_5568_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_15_5568:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3267_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3267:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3268_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3268:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3572_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:vostro_3572:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3582_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:vostro_3582:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3660_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3660:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3667_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3667:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3668_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3668:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3669_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.0 OR cpe:2.3:h:dell:vostro_3669:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:xps_8930_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.1.21 OR cpe:2.3:h:dell:xps_8930:-:*:*:*:*:*:*:*
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.04
Percentile: 0.05635