4 Dell BIOS Bugs Affect Millions of Inspiron, Vostro, Alienware Devices
Four new security vulnerabilities have been disclosed in Dell BIOS that, if successfully exploited, could allow an attacker to execute code or read certain sections on vulnerable systems.
Tracked as CVE-2022-34401 (CVSS score of 7.5) and affecting three Dell models (Alienware m15 A6, Alienware m17 Ryzen Edition R5, Dell G15 5525), the first of the bugs impacts the SMI (system management interrupt) function and could be abused by a local attacker to execute arbitrary code.
“Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM,” Dell said in an advisory.
Fifteen other Dell models are impacted by CVE-2022-34399 (CVSS score of 5.1), a buffer access vulnerability in BIOS modules that could allow an attacker with administrator privileges to read certain sections.
Tracked as CVE-2022-34393 and CVE-2022-34460, the third and fourth vulnerabilities affect Dell notebook models; “a local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM,” the computer maker explains.
Both CVE-2022-34393 and CVE-2022-34460 are rated 7.5 out of 10 on the CVSS scoring system.
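The three SMI bugs above share one pattern: an SMI handler running in SMRAM accepts a caller-declared length and copies that many bytes into a fixed-size parameter buffer on the SMM stack. The following C snippet is an added illustration of that bug class and its fix, written for this article; it is not Dell firmware code and does not reproduce any of the CVEs. The request layout, the 64-byte communication buffer, the 32-byte parameter buffer, the command id and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the shared communication buffer an OS-side caller
 * fills before raising the SMI; the handler's local parameter buffer is
 * deliberately smaller so the mismatch is visible. Both sizes are made up. */
#define COMM_CAPACITY 64u
#define PARAM_MAX     32u

/* Assumed request layout. From SMM's point of view every field, including
 * `length`, is attacker-controlled. */
typedef struct {
    uint32_t command;
    uint32_t length;                 /* caller-declared payload size */
    uint8_t  payload[COMM_CAPACITY];
} smi_request_t;

enum {
    SMI_OK            =  0,
    SMI_ERR_NULL      = -1,
    SMI_ERR_OVERSIZED = -2,  /* declares more bytes than the comm buffer holds */
    SMI_ERR_TOO_LONG  = -3,  /* would overflow the handler's stack buffer */
};

/* Vulnerable pattern: trusts req->length and copies that many bytes into a
 * fixed buffer on the SMM stack. Any length above PARAM_MAX overwrites the
 * stack inside SMRAM. Shown for comparison only; never call it with a
 * length that has not already been validated. */
int handle_smi_unchecked(const smi_request_t *req)
{
    uint8_t param[PARAM_MAX];

    memcpy(param, req->payload, req->length);    /* no bound on req->length */
    return param[0];
}

/* Hardened pattern: reject the request before touching the payload unless
 * the declared length fits both the comm buffer and the local buffer. */
int handle_smi_checked(const smi_request_t *req, uint8_t *first_byte)
{
    uint8_t param[PARAM_MAX];

    if (req == NULL)
        return SMI_ERR_NULL;
    if (req->length > sizeof req->payload)
        return SMI_ERR_OVERSIZED;    /* caller lies about how much it supplied */
    if (req->length > PARAM_MAX)
        return SMI_ERR_TOO_LONG;     /* "larger than expected input" */

    memcpy(param, req->payload, req->length);
    if (first_byte != NULL)
        *first_byte = (req->length > 0) ? param[0] : 0;
    return SMI_OK;
}

/* Builds a request with a constructed payload of `fill` bytes; an oversized
 * `length` is stored exactly as declared so the checks can be exercised. */
void make_request(smi_request_t *req, uint32_t length, uint8_t fill)
{
    memset(req, 0, sizeof *req);
    req->command = 0x42;             /* arbitrary command id (constructed) */
    req->length  = length;
    memset(req->payload, fill, sizeof req->payload);
}

int main(void)
{
    smi_request_t req;
    uint8_t first = 0;

    make_request(&req, 16, 0xAB);
    printf("well-formed : status %d, first byte 0x%02X\n",
           handle_smi_checked(&req, &first), first);

    make_request(&req, 40, 0xAB);    /* fits the comm buffer, not param[] */
    printf("too long    : status %d (rejected before any copy)\n",
           handle_smi_checked(&req, &first));
    return 0;
}
```

The ordering of the two checks matters: the comm-buffer bound guards against a caller that declares more data than it handed over, and the parameter bound guards the handler's own stack. A firmware audit of SMI handlers looks for exactly the unchecked `memcpy` shape, where the copy size comes from memory the OS can write.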
A number of Dell products, including G5 SE 5505, Inspiron, and Vostro line-ups are impacted and Dell says it has already released BIOS updates for the affected devices. Dell recommends all customers update at the earliest opportunity.