PT-2022-1900 · Dell · Dell Bios

Published

2022-03-10

Updated

2023-06-30

CVE-2022-24421

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell BIOS (affected versions not specified)

Description The issue is caused by improper input validation in the Dell BIOS, which may allow a local authenticated malicious user to exploit the vulnerability using an SMI to gain arbitrary code execution during SMM. This can be achieved by potentially overflowing a buffer in memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2022-01435

CVE-2022-24421

Affected Products

Dell Bios

PT-2022-1900 · Dell · Dell Bios

CVE-2022-24421

Weakness Enumeration

Related Identifiers

Affected Products

References · 12