CVE-2022-34409 - Vulnerability Details

Description

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Published: 2023-03-16

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

PowerEdge Platform

unaffected

Version	Status	Constraints
`14G,15G`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dell:r6515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6515:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:r7515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7515:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:r6525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6525:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:r7525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7525:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:xe8545_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe8545:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:c6525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6525:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:r6415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r6415:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:r7415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7415:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:r7425_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r7425:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:r750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:r750xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750xa:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:r650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r650:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:c6520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6520:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:mx750c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx750c:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:r450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r450:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:r550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r550:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:r650xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r650xs:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:r750xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r750xs:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:t550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t550:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:xr11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr11:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:xr12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr12:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:r250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r250:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:r350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r350:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:t150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t150:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:t350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t350:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dell:r740_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dell:r740xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740xd:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dell:r640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r640:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:dell:r940_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r940:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:dell:r540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r540:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:dell:r440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r440:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:dell:t440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t440:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:dell:xr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xr2:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:dell:r740xd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r740xd2:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:dell:r840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r840:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:dell:r940xa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r940xa:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:dell:t640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t640:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:dell:c6420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6420:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:dell:fc640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc640:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:dell:m640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m640:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:dell:m640p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m640p:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:dell:mx740c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx740c:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:dell:mx840c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:mx840c:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:dell:c4140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c4140:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:dell:dss8440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:dss8440:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:dell:t140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t140:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:dell:t340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t340:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:dell:r240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r240:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:dell:r340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r340:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:dell:xe2420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe2420:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:dell:xe7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe7420:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:dell:xe7440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xe7440:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:dell:r730_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:dell:r730xd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r730xd:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:dell:r630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r630:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:dell:c4130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c4130:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:dell:r930_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r930:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:dell:m630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:dell:m630p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m630p:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:dell:fc630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc630:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:dell:fc430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc430:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:dell:m830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:dell:m830p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:m830p:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:dell:fc830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:fc830:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:dell:t630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t630:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:dell:r530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r530:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:dell:r430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r430:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:dell:t430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t430:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:dell:r830_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r830:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:dell:c6320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:c6320:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:dell:t130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t130:-:*:*:*:*:*:*:*

Configuration 72 [-]

AND

cpe:2.3:o:dell:r230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r230:-:*:*:*:*:*:*:*

Configuration 73 [-]

AND

cpe:2.3:o:dell:t330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:t330:-:*:*:*:*:*:*:*

Configuration 74 [-]

AND

cpe:2.3:o:dell:r330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:r330:-:*:*:*:*:*:*:*

Configuration 75 [-]

AND

cpe:2.3:o:dell:nx430_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx430:-:*:*:*:*:*:*:*

Configuration 76 [-]

AND

cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*

Configuration 77 [-]

AND

cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*

Configuration 78 [-]

AND

cpe:2.3:o:dell:nx440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx440:-:*:*:*:*:*:*:*

Configuration 79 [-]

AND

cpe:2.3:o:dell:nx3240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3240:-:*:*:*:*:*:*:*

Configuration 80 [-]

AND

cpe:2.3:o:dell:nx3340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:nx3340:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-37364	Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Dell C4130 C4130 Firmware C4140 C4140 Firmware C6320 C6320 Firmware C6420 C6420 Firmware C6520 C6520 Firmware C6525 C6525 Firmware Dss8440 Dss8440 Firmware Fc430 Fc430 Firmware Fc630 Fc630 Firmware Fc640 Fc640 Firmware Fc830 Fc830 Firmware M630 M630 Firmware M630p M630p Firmware M640 M640 Firmware M640p M640p Firmware M830 M830 Firmware M830p M830p Firmware Mx740c Mx740c Firmware Mx750c Mx750c Firmware Mx840c Mx840c Firmware Nx3230 Nx3230 Firmware Nx3240 Nx3240 Firmware Nx3330 Nx3330 Firmware Nx3340 Nx3340 Firmware Nx430 Nx430 Firmware Nx440 Nx440 Firmware R230 R230 Firmware R240 R240 Firmware R250 R250 Firmware R330 R330 Firmware R340 R340 Firmware R350 R350 Firmware R430 R430 Firmware R440 R440 Firmware R450 R450 Firmware R530 R530 Firmware R540 R540 Firmware R550 R550 Firmware R630 R630 Firmware R640 R640 Firmware R6415 R6415 Firmware R650 R650 Firmware R650xs R650xs Firmware R6515 R6515 Firmware R6525 R6525 Firmware R730 R730 Firmware R730xd R730xd Firmware R740 R740 Firmware R740xd R740xd2 R740xd2 Firmware R740xd Firmware R7415 R7415 Firmware R7425 R7425 Firmware R750 R750 Firmware R750xa R750xa Firmware R750xs R750xs Firmware R7515 R7515 Firmware R7525 R7525 Firmware R830 R830 Firmware R840 R840 Firmware R930 R930 Firmware R940 R940 Firmware R940xa R940xa Firmware T130 T130 Firmware T140 T140 Firmware T150 T150 Firmware T330 T330 Firmware T340 T340 Firmware T350 T350 Firmware T430 T430 Firmware T440 T440 Firmware T550 T550 Firmware T630 T630 Firmware T640 T640 Firmware Xe2420 Xe2420 Firmware Xe7420 Xe7420 Firmware Xe7440 Xe7440 Firmware Xe8545 Xe8545 Firmware Xr11 Xr11 Firmware Xr12 Xr12 Firmware Xr2 Xr2 Firmware

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-03-16T11:26:00.563Z

Updated: 2025-02-26T18:57:23.837Z

Reserved: 2022-06-23T18:55:17.103Z

Link: CVE-2022-34409

Vulnrichment

Updated: 2024-08-03T09:07:16.288Z

NVD

Status : Modified

Published: 2023-03-16T12:15:10.137

Modified: 2024-11-21T07:09:28.170

Link: CVE-2022-34409

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object