CVE-2022-24421

Q: What is the severity of CVE-2022-24421?

CVE-2022-24421 has a CVSS score of 8.2 (HIGH). CVE-2022-24421 is a BIOS vulnerability in Dell systems where improper input validation allows a local authenticated attacker to execute arbitrary code in System Management Mode (SMM) via System Management Interrupt (SMI). This affects Dell client platforms with vulnerable BIOS versions. Attackers could gain high-privilege access to the system firmware.

8.2 HIGH

📋 TL;DR

CVE-2022-24421 is a BIOS vulnerability in Dell systems where improper input validation allows a local authenticated attacker to execute arbitrary code in System Management Mode (SMM) via System Management Interrupt (SMI). This affects Dell client platforms with vulnerable BIOS versions. Attackers could gain high-privilege access to the system firmware.

💻 Affected Systems

Products:

Dell Latitude
Dell Precision
Dell OptiPlex
Dell XPS
Dell Inspiron
Dell Vostro

Versions: Various BIOS versions prior to fixes released in March 2022

Operating Systems: Windows, Linux, All OSes running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects multiple Dell client platforms. Check Dell advisory for specific models and BIOS versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains persistent firmware-level access, installs undetectable malware, bypasses OS security controls, and potentially bricks the system.

🟠

Likely Case

Local attacker escalates privileges to SMM level, gains control over hardware resources, and bypasses OS security mechanisms.

🟢

If Mitigated

With proper BIOS updates and SMM protections, exploitation is prevented, maintaining system integrity.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.

🏢 Internal Only: HIGH - Local authenticated attackers (including compromised accounts) can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access and SMM exploitation knowledge. SMM exploitation is complex but well-documented in security research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS updates released March 2022 and later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

Restart Required: Yes

Instructions:

1. Identify your Dell model and current BIOS version. 2. Download appropriate BIOS update from Dell Support site. 3. Run BIOS update executable with administrator privileges. 4. Restart system when prompted. 5. Verify BIOS version after update.

🔧 Temporary Workarounds

Restrict physical and local administrative access

all

Limit who has physical access to systems and reduce local administrator privileges to minimize attack surface.

Enable BIOS/UEFI password protection

all

Set BIOS administrator password to prevent unauthorized BIOS modifications.

🧯 If You Can't Patch

Isolate affected systems on network segments with strict access controls
Implement application whitelisting and endpoint detection to monitor for suspicious SMM activity

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system settings (F2 during boot) or using 'wmic bios get smbiosbiosversion' on Windows, then compare with Dell's patched versions list.

Check Version:

Windows: wmic bios get smbiosbiosversion | Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version matches or exceeds patched version from Dell advisory. Check that SMM protections are enabled in BIOS settings.

📡 Detection & Monitoring

Log Indicators:

Unexpected BIOS/UEFI update attempts
SMI handler modifications
Privilege escalation to SYSTEM/SMM level

Network Indicators:

Unusual outbound connections from system management interfaces

SIEM Query:

EventID=12 OR EventID=13 (System boot/restart) with suspicious process names OR Privilege escalation patterns

📊 Metadata

CVE ID: CVE-2022-24421

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-119

Published: March 11, 2022

Last Updated: November 21, 2024

🔗 References

https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Alienware 13 R3 Firmware by Dell

Alienware 15 R3 Firmware by Dell

Alienware 15 R4 Firmware by Dell

Alienware 17 R4 Firmware by Dell

Alienware 17 R5 Firmware by Dell

Alienware Area 51m R1 Firmware by Dell

Alienware Area 51m R2 Firmware by Dell

Alienware Aurora R8 Firmware by Dell

Alienware M15 R2 Firmware by Dell

Alienware M15 R3 Firmware by Dell

Alienware M15 R4 Firmware by Dell

Alienware M17 R2 Firmware by Dell

Alienware M17 R3 Firmware by Dell

Alienware M17 R4 Firmware by Dell

Alienware X15 R1 Firmware by Dell

Alienware X17 R1 Firmware by Dell

Edge Gateway 3000 Firmware by Dell

Edge Gateway 5000 Firmware by Dell

Edge Gateway 5100 Firmware by Dell

Embedded Box Pc 3000 Firmware by Dell

Embedded Box Pc 5000 Firmware by Dell

Inspiron 14 3473 Firmware by Dell

Inspiron 15 3573 Firmware by Dell

Inspiron 15 5566 Firmware by Dell

Inspiron 3277 Firmware by Dell

Inspiron 3465 Firmware by Dell

Inspiron 3477 Firmware by Dell

Inspiron 3482 Firmware by Dell

Inspiron 3502 Firmware by Dell

Inspiron 3510 Firmware by Dell

Inspiron 3565 Firmware by Dell

Inspiron 3582 Firmware by Dell

Inspiron 3782 Firmware by Dell

Latitude 3379 Firmware by Dell

Vostro 14 5468 Firmware by Dell

Vostro 15 5568 Firmware by Dell

Vostro 3267 Firmware by Dell

Vostro 3268 Firmware by Dell

Vostro 3572 Firmware by Dell

Vostro 3582 Firmware by Dell

Vostro 3660 Firmware by Dell

Vostro 3667 Firmware by Dell

Vostro 3668 Firmware by Dell

Vostro 3669 Firmware by Dell

Wyse 7040 Thin Client Firmware by Dell

Xps 8930 Firmware by Dell