CVE & CISA-KEV Catalog

CVE-2022-34409

HIGH
7.5
CVSS v3
NVD

Description

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

How to fix

Remediation Available
c4130 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
c4140 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
c6320 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
c6420 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
c6520 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
dss8440 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
fc430 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
fc630 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
fc640 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
fc830 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
m630 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
m630p firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
m640 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
m640p firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
m830 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
m830p firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
mx740c firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
mx750c firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
mx840c firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
nx3230 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
nx3240 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
nx3330 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
nx3340 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
nx430 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
nx440 firmwareNVD
Affected:< 2.11.1Fixed in:2.11.1CVE-2022-34409derived from NVD
r230 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r240 firmwareNVD
Affected:< 2.11.1Fixed in:2.11.1CVE-2022-34409derived from NVD
r250 firmwareNVD
Affected:< 1.4.2Fixed in:1.4.2CVE-2022-34409derived from NVD
r330 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r340 firmwareNVD
Affected:< 2.11.1Fixed in:2.11.1CVE-2022-34409derived from NVD
r350 firmwareNVD
Affected:< 1.4.2Fixed in:1.4.2CVE-2022-34409derived from NVD
r430 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r440 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r450 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r530 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r540 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r550 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r630 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r640 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r6415 firmwareNVD
Affected:< 1.19.0Fixed in:1.19.0CVE-2022-34409derived from NVD
r650 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r650xs firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r6515 firmwareNVD
Affected:< 2.9.3Fixed in:2.9.3CVE-2022-34409derived from NVD
r6525 firmwareNVD
Affected:< 2.9.3Fixed in:2.9.3CVE-2022-34409derived from NVD
r730 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r730xd firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r740 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r740xd2 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r740xd firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r7415 firmwareNVD
Affected:< 1.19.0Fixed in:1.19.0CVE-2022-34409derived from NVD
r7425 firmwareNVD
Affected:< 1.19.0Fixed in:1.19.0CVE-2022-34409derived from NVD
r750 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r750xa firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r750xs firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
r7515 firmwareNVD
Affected:< 2.9.3Fixed in:2.9.3CVE-2022-34409derived from NVD
r7525 firmwareNVD
Affected:< 2.9.3Fixed in:2.9.3CVE-2022-34409derived from NVD
r830 firmwareNVD
Affected:< 1.16.0Fixed in:1.16.0CVE-2022-34409derived from NVD
r840 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r930 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
r940 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
r940xa firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
t130 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
t140 firmwareNVD
Affected:< 2.11.1Fixed in:2.11.1CVE-2022-34409derived from NVD
t150 firmwareNVD
Affected:< 1.4.2Fixed in:1.4.2CVE-2022-34409derived from NVD
t330 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
t340 firmwareNVD
Affected:< 2.11.1Fixed in:2.11.1CVE-2022-34409derived from NVD
t350 firmwareNVD
Affected:< 1.4.2Fixed in:1.4.2CVE-2022-34409derived from NVD
t430 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
t440 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
t550 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
t630 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
t640 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
xe2420 firmwareNVD
Affected:< 2.16.0Fixed in:2.16.0CVE-2022-34409derived from NVD
xe7420 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
xe7440 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD
xe8545 firmwareNVD
Affected:< 2.9.4Fixed in:2.9.4CVE-2022-34409derived from NVD
xr11 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
xr12 firmwareNVD
Affected:< 1.8.2Fixed in:1.8.2CVE-2022-34409derived from NVD
xr2 firmwareNVD
Affected:< 2.16.1Fixed in:2.16.1CVE-2022-34409derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeChanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploit Intelligence

0.17%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Patch1

Related Vulnerabilities

Other CWE-119 (Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-4966Critical9.4100%KEV + RansomFix
CVE-2017-11882High7.8100%KEV + Ransom-
CVE-2020-0796Critical10.0100%KEV + Ransom-
CVE-2008-4250Critical9.899%KEV-
CVE-2017-15944Critical9.898%KEVFix
CVE-2015-0014High10.097%--
Embed a live status badge for CVE-2022-34409
CVE-2022-34409 severity badge

Markdown

[![CVE-2022-34409](https://tridentstack.com/cve/badge/CVE-2022-34409.svg)](https://tridentstack.com/cve/CVE-2022-34409)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-34409"><img src="https://tridentstack.com/cve/badge/CVE-2022-34409.svg" alt="CVE-2022-34409"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.