CVE-2022-34423

Vulnerability

An improper SMM communication buffer verification vulnerability exists in Dell PowerEdge BIOS and Dell Precision BIOS. The affected products include various PowerEdge server models and Precision workstation models. When a local user with high privileges invokes a System Management Interrupt (SMI) handler, the firmware fails to properly validate the communication buffer between the OS and SMM. This allows the attacker to corrupt SMM memory. The vulnerability is identified as CVE-2022-34423 [1].

Exploitation

Exploitation requires local access to the system with high privileges (such as root or administrator rights). The attacker must be able to trigger an SMI that invokes the vulnerable handler. By crafting a malicious SMM communication buffer, the attacker can overwrite SMM memory regions. No user interaction beyond the initial privilege escalation is needed [1].

Impact

A successful attack can result in arbitrary code execution within the System Management Mode (SMM), which runs at the highest privilege level on the platform. Alternatively, the attacker could cause a denial of service by corrupting critical SMM data structures. The impact is limited to the local system but can lead to persistent firmware compromise [1].

Mitigation

Dell has released BIOS updates to address this vulnerability. Affected users should update to the latest BIOS version for their PowerEdge or Precision system as specified in Dell Security Advisory DSA-2022-204. No workaround is available other than applying the patch. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].