Dell recently released a security bulletin announcing five vulnerabilities: CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. Each carries a CVSS score of 8.2. All five stem from improper input validation in the firmware's System Management Mode (SMM) handlers: a local attacker can trigger a System Management Interrupt (SMI) with crafted input and gain arbitrary code execution inside SMM.
System Management Mode is a dedicated operating mode of x86 processors, reserved for system-wide functions such as power management, hardware control, thermal monitoring, and other proprietary code written by the manufacturer. When one of these functions is requested at runtime, an SMI is raised, the processor enters SMM, and the BIOS-installed SMM handler code executes from SMRAM, a memory region that is locked against access from outside SMM.
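The bulletin's description, improper input validation in an SMI handler, usually means the handler trusts a pointer or length that the operating system placed in the communication buffer. The following is an added, simulated example (not Dell's firmware and not a reconstruction of these specific CVEs): a toy SMI handler that writes to a caller-supplied address, beside a hardened version that refuses any destination overlapping SMRAM. The memory layout, the `smi_request_t` structure and all function names are assumptions made for the illustration.

```c
/* Illustrative model of an SMI handler that trusts a caller-supplied pointer,
 * beside a hardened version. Constructed example: the memory layout, the
 * request structure and the function names are assumptions, not Dell's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated physical memory: one region stands in for SMRAM (should be
 * writable only by SMM code), the rest for normal OS-visible RAM. */
static uint8_t g_mem[4096];
#define SMRAM_BASE 1024u
#define SMRAM_SIZE 1024u
#define SMRAM_END  (SMRAM_BASE + SMRAM_SIZE)

/* Sentinel at the start of SMRAM: if it changes, SMM state was corrupted. */
#define SMRAM_MAGIC 0x5A5A5A5Au

/* Request the ring-0 caller places in the SMM communication buffer. The
 * handler is supposed to store 'value' at offset 'dst'. Both fields are
 * attacker-controlled; 'dst' is what must be validated. */
typedef struct {
    uint32_t dst;   /* offset into g_mem chosen by the caller */
    uint32_t value;
} smi_request_t;

static void smram_init(void) {
    memset(g_mem, 0, sizeof g_mem);
    uint32_t magic = SMRAM_MAGIC;
    memcpy(&g_mem[SMRAM_BASE], &magic, sizeof magic);
}

static uint32_t smram_magic(void) {
    uint32_t m;
    memcpy(&m, &g_mem[SMRAM_BASE], sizeof m);
    return m;
}

/* Returns 1 if [addr, addr+len) lies inside simulated RAM and does not
 * overlap SMRAM. This is the check real firmware must apply to every pointer
 * read from a communication buffer (EDK II provides it as
 * SmmIsBufferOutsideSmmValid). Bounds arithmetic is written to avoid
 * unsigned wraparound. */
static int buffer_outside_smram(uint32_t addr, uint32_t len) {
    if (len == 0 || addr > sizeof g_mem || len > sizeof g_mem - addr)
        return 0;
    uint32_t end = addr + len;
    if (addr < SMRAM_END && end > SMRAM_BASE)  /* overlaps SMRAM */
        return 0;
    return 1;
}

/* Vulnerable handler: writes wherever the caller says. Pointing 'dst' into
 * SMRAM lets ring 0 overwrite SMM code or data, which is the
 * improper-input-validation pattern the bulletin describes. */
int smi_handler_vulnerable(const smi_request_t *req) {
    memcpy(&g_mem[req->dst], &req->value, sizeof req->value);
    return 0;
}

/* Hardened handler: reject any destination that is not wholly outside SMRAM. */
int smi_handler_hardened(const smi_request_t *req) {
    if (!buffer_outside_smram(req->dst, sizeof req->value))
        return -1;
    memcpy(&g_mem[req->dst], &req->value, sizeof req->value);
    return 0;
}

/* Drive one request through a handler; return 1 if SMRAM survived intact. */
int smram_intact_after(int (*handler)(const smi_request_t *), uint32_t dst) {
    smi_request_t req = { .dst = dst, .value = 0x41414141u };
    smram_init();
    handler(&req);
    return smram_magic() == SMRAM_MAGIC;
}

int main(void) {
    printf("vulnerable, dst in SMRAM: SMRAM intact = %d\n",
           smram_intact_after(smi_handler_vulnerable, SMRAM_BASE));
    printf("hardened,   dst in SMRAM: SMRAM intact = %d\n",
           smram_intact_after(smi_handler_hardened, SMRAM_BASE));
    printf("hardened,   dst in RAM:   SMRAM intact = %d\n",
           smram_intact_after(smi_handler_hardened, 16));
    return 0;
}
```

The only difference between the two handlers is the range check; on real hardware the same check has to cover every pointer and length the handler reads from the communication buffer, not just the destination, and the buffer itself must be copied into SMRAM before validation so the caller cannot change it between the check and the use.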
Because SMM code runs at a higher privilege level than the operating system kernel or hypervisor and is invisible to both, exploiting these vulnerabilities could let an attacker plant persistent malicious code in firmware that the operating system cannot see.
That invisibility also defeats conventional detection. Security software running inside the operating system has no view into SMM, so it cannot observe the exploit or the code it installs; only firmware-level integrity measurement, such as comparing measured-boot values against a known-good baseline, would reveal a tampered BIOS image.
Therefore, although researchers have disclosed these vulnerabilities, there is no reliable way to know whether they have already been exploited in the wild. The only effective mitigation available to consumers and enterprises is to update the BIOS, and Dell has released fixed BIOS versions for the affected systems.
Affected product lines include Dell Alienware, Dell Inspiron, Dell Vostro and the Dell Edge Gateway 3000 series, among others. Dell advises users to update the BIOS immediately.