Serious vulnerabilities found in the BIOS of millions of Dell
Software

Serious vulnerabilities found in the BIOS of millions of Dell computers affecting the Inspiron, Vostro, XPS and Alienware series

Five new vulnerabilities have been identified in the BIOS of Dell computers that could allow arbitrary code execution on affected systems. These errors have been added to Insyde Software’s list of recently discovered UEFI issues.

Image source: thehackernews.com

Image source: thehackernews.com

New vulnerabilities are tracked under the identifiers CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. They all pose a serious threat and are rated 8.2 out of 10 on the CVSS scale. All of the new vulnerabilities are related to improper validation of input data and affect the system management mode of the firmware, which allows an authorized attacker to use an interrupt operation to execute arbitrary code.

Recall that SMM mode is designed to work out system-wide features like power and hardware management, thermal energy monitoring, etc. SMM code set by BIOS. Since the SMM code runs at the highest privilege level, this method can be used to inject malicious code.

Experts from the Binarly company, who discovered the mentioned flaws, note that solutions for remotely checking the health of devices are not able to identify vulnerable systems due to design limitations in the visibility of the firmware execution environment. The new vulnerabilities are reported to affect a range of Dell products including Alienware, Inspiron, Vostro, XPS and Edge Gateway series devices. The manufacturer recommends users to update the BIOS on their devices as soon as possible.

.

RELATED TOPICS

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment