Five new security vulnerabilities have been found in the Dell BIOS that, if exploited, could lead to code execution on the vulnerable systems. Because remote device health attestation solutions have limited visibility into the firmware runtime, they cannot detect exploitation of these vulnerabilities.
All five security vulnerabilities have been rated 8.2 out of 10 on the CVSS scale and are being tracked as:
- CVE-2022-24415
- CVE-2022-24416
- CVE-2022-24419
- CVE-2022-24420
- CVE-2022-24421
All of the flaws relate to improper input validation affecting the System Management Mode (SMM) of the firmware. Exploitation of these vulnerabilities would allow a local authenticated attacker to leverage the system management interrupt (SMI) to achieve code execution.
Since SMM code is executed at the highest privilege level and is invisible to the operating system, these vulnerabilities could allow an attacker to deploy a persistent firmware implant and maintain access to the system even if its hard drive or operating system is replaced.