CVE-2022-34421
Description
Dell PowerEdge BIOS and Dell Precision BIOS contain an improper SMM communication buffer verification vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell PowerEdge and Precision BIOS improperly verify SMM communication buffers, allowing arbitrary code execution or denial of service by a local high-privilege attacker.
Vulnerability
CVE-2022-34421 is an improper SMM (System Management Mode) communication buffer verification vulnerability in the BIOS of Dell PowerEdge and Dell Precision systems. The affected products include multiple models; users should refer to the Dell Security Advisory [DSA-2022-204] [1] for the complete list of impacted versions. The flaw occurs when the System Management Interrupt (SMI) handler fails to properly validate the communication buffer passed between the operating system and SMM. A local attacker with high privileges can craft a malicious SMI to trigger the vulnerability.
Exploitation
Exploitation requires local access to the system and high privileges (e.g., Administrator or root). An attacker with such privileges can send a specially crafted SMI to the SMM handler. The improper buffer verification allows the attacker to corrupt SMM memory or execute arbitrary code within SMM. No user interaction beyond the attacker's own actions is needed.
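The kind of check the SMI handler described above is missing, as an added illustration that is not Dell's firmware code (the request layout, the field names and the SMRAM window are constructed assumptions): before copying anything, the handler must reject any OS-supplied range that is empty, wraps around the address space, or overlaps SMRAM, and it must apply the same check to pointers nested inside the communication buffer after snapshotting the header into SMM memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* SMRAM window as the platform would report it. It is a parameter here so
 * the check can be exercised; real values come from the firmware's
 * SMRAM descriptors (constructed assumption). */
typedef struct { uint64_t base; uint64_t size; } smram_region_t;

/* True only if [base, base+size) is non-empty, does not wrap around the
 * address space and lies wholly outside SMRAM. Every OS-supplied address
 * must pass this before an SMI handler dereferences it. */
bool range_outside_smram(uint64_t base, uint64_t size,
                         const smram_region_t *smram)
{
    uint64_t end;
    if (size == 0 || __builtin_add_overflow(base, size, &end))
        return false;                       /* empty or wrapping range */
    return end <= smram->base || base >= smram->base + smram->size;
}

/* Constructed request layout: the OS passes a pointer and a length that
 * the handler is asked to copy. Both fields are attacker-controlled. */
typedef struct { uint64_t data_ptr; uint64_t data_len; } comm_request_t;

/* Hardened handler. Returns 0 on success, a nonzero rejection code otherwise.
 * An unchecked handler would simply memcpy(out, data_ptr, data_len), so a
 * data_ptr aimed into SMRAM would read or overwrite SMM memory. */
int smi_handler_hardened(const comm_request_t *req, uint64_t req_size,
                         uint8_t *out, uint64_t out_size,
                         const smram_region_t *smram)
{
    /* 1. The comm buffer itself must lie outside SMRAM and hold a header. */
    if (req_size < sizeof *req ||
        !range_outside_smram((uint64_t)(uintptr_t)req, req_size, smram))
        return 1;
    /* 2. Snapshot the header inside SMM so validation and use see the same
     *    values; the OS could otherwise rewrite the fields in between. */
    comm_request_t local;
    memcpy(&local, req, sizeof local);
    /* 3. The nested pointer/length must also be outside SMRAM and must fit
     *    in the destination buffer. */
    if (local.data_len > out_size ||
        !range_outside_smram(local.data_ptr, local.data_len, smram))
        return 2;
    memcpy(out, (const void *)(uintptr_t)local.data_ptr, local.data_len);
    return 0;
}
```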
Impact
Successful exploitation can lead to arbitrary code execution within System Management Mode (SMM), which operates at the highest privilege level on x86 systems (ring -2). The CVSS v3.1 vector is CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H with a base score of 7.5, indicating high impact on confidentiality, integrity, and availability. The attacker can also cause a denial of service (DoS) condition. Gaining code execution in SMM allows bypassing most OS-level security measures.
Mitigation
Dell released a firmware update to address this vulnerability. Users should update their system BIOS to the fixed version provided in the Dell Security Advisory [DSA-2022-204] [1]. The advisory includes specific BIOS versions for each affected model. No workarounds are available; applying the patch is the only mitigation. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of March 2023.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: 14G, 15G
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.