CVE-2022-34419

Vulnerability

The vulnerability exists in the System Management Mode (SMM) communication buffer verification in Dell PowerEdge BIOS and Dell Precision BIOS. An improper verification of SMM communication buffers allows a local attacker with high privileges to potentially execute arbitrary code in SMM or cause a denial of service. Affected versions include those listed in Dell Security Advisory DSA-2022-204 [1].

Exploitation

To exploit, the attacker must have local access with high privileges (e.g., root or administrator). The attacker triggers a System Management Interrupt (SMI) that sends a crafted communication buffer to SMM. The improper verification fails to validate the buffer, leading to memory corruption within SMM [1].

Impact

Successful exploitation allows arbitrary code execution within SMM, which operates at the highest privilege level. This can lead to full compromise of the system, including bypassing OS-level security controls, or cause a denial of service. The CVSS score for this specific CVE is not disclosed in the available references.

Mitigation

Dell has released BIOS updates to address this vulnerability. Users should apply the latest BIOS version for their specific Dell PowerEdge or Precision model as specified in Dell Security Advisory DSA-2022-204 [1]. No workarounds are available; updating the firmware is the recommended mitigation.