CVE-2022-24420

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:dell:inspiron_3465_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3465:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:dell:inspiron_3477_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3477:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:dell:inspiron_3482_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3482:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:dell:inspiron_3510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3510:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:dell:inspiron_3565_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3565:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:dell:inspiron_3582_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3582:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:dell:inspiron_3782_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3782:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:dell:latitude_3379_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3379:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:dell:vostro_14_5468_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_14_5468:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:dell:vostro_15_5568_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_15_5568:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:dell:vostro_3267_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3267:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:dell:vostro_3268_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3268:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:dell:vostro_3572_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3572:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:dell:vostro_3582_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3582:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:dell:vostro_3660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3660:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:dell:vostro_3667_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3667:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:dell:vostro_3668_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3668:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:dell:vostro_3669_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3669:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:dell:xps_8930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_8930:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 - Vendor Advisory
CVSS v2 : 7.2
v3 : 7.8
v2 : 7.2
v3 : 8.2

30 Jun 2023, 18:41

Type Values Removed Values Added
CWE CWE-20 CWE-119

Information

Published : 2022-03-11 22:15

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24420

Mitre link : CVE-2022-24420

CVE.ORG link : CVE-2022-24420


JSON object : View

Products Affected

dell

  • inspiron_3782
  • alienware_x15_r1
  • inspiron_15_5566_firmware
  • vostro_15_5568
  • xps_8930_firmware
  • alienware_m17_r4_firmware
  • wyse_7040_thin_client_firmware
  • alienware_x17_r1
  • alienware_15_r3_firmware
  • alienware_13_r3_firmware
  • inspiron_15_3573
  • vostro_3668
  • inspiron_14_3473
  • embedded_box_pc_3000_firmware
  • alienware_m17_r4
  • inspiron_3477_firmware
  • inspiron_3582_firmware
  • alienware_m15_r3_firmware
  • alienware_15_r4_firmware
  • vostro_3267
  • inspiron_14_3473_firmware
  • vostro_3268_firmware
  • alienware_aurora_r8_firmware
  • alienware_aurora_r8
  • alienware_15_r4
  • inspiron_3277_firmware
  • inspiron_3510_firmware
  • inspiron_3465
  • inspiron_3510
  • vostro_3667_firmware
  • alienware_area_51m_r1
  • edge_gateway_5100
  • alienware_area_51m_r2
  • alienware_area_51m_r2_firmware
  • alienware_m15_r4_firmware
  • alienware_17_r4
  • edge_gateway_3000
  • inspiron_15_3573_firmware
  • alienware_m17_r3_firmware
  • vostro_3668_firmware
  • vostro_3268
  • alienware_m15_r2
  • alienware_15_r3
  • vostro_15_5568_firmware
  • inspiron_3565_firmware
  • alienware_17_r5
  • latitude_3379_firmware
  • latitude_3379
  • alienware_17_r5_firmware
  • alienware_m15_r4
  • inspiron_3277
  • inspiron_15_5566
  • vostro_3660_firmware
  • vostro_3582
  • xps_8930
  • vostro_3669
  • inspiron_3565
  • inspiron_3582
  • vostro_3572
  • vostro_3582_firmware
  • inspiron_3502_firmware
  • inspiron_3502
  • vostro_3669_firmware
  • vostro_3667
  • alienware_area_51m_r1_firmware
  • alienware_x15_r1_firmware
  • vostro_14_5468
  • embedded_box_pc_5000
  • inspiron_3782_firmware
  • alienware_m17_r3
  • edge_gateway_5000_firmware
  • embedded_box_pc_3000
  • alienware_m15_r3
  • inspiron_3477
  • inspiron_3482_firmware
  • edge_gateway_3000_firmware
  • alienware_13_r3
  • alienware_m17_r2
  • alienware_m15_r2_firmware
  • vostro_3267_firmware
  • vostro_14_5468_firmware
  • alienware_17_r4_firmware
  • embedded_box_pc_5000_firmware
  • inspiron_3465_firmware
  • edge_gateway_5100_firmware
  • vostro_3572_firmware
  • inspiron_3482
  • wyse_7040_thin_client
  • alienware_m17_r2_firmware
  • vostro_3660
  • edge_gateway_5000
  • alienware_x17_r1_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer