Five new security weaknesses in the Dell BIOS have been disclosed that, if successfully exploited, could lead to code execution on vulnerable systems. These risks at the UEFI level are not new, they were announced in 2016 and are still present no matter how much the brands try to show the contrary.
The information has been released by Binarly, a company specialized in protecting devices from emerging firmware and hardware threats using modern artificial intelligence, after working together with the brand to resolve these vulnerabilities by coordinating the application of patches to code execution vulnerabilities. of the Dell BIOS.
Five different vulnerabilities
Registered as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the security system. Common Vulnerability Scoring System (CVSS), a free and open industry standard for assessing the severity of computer system security vulnerabilities.
The description of these five vulnerabilities is as follows: « Dell BIOS contains an incorrect input validation vulnerability. A locally authenticated malicious user can potentially exploit this vulnerability by using a system management interrupt (SMI) to gain arbitrary code execution during system administration (SMM).”
In essence, they are based on the UsbRt AMI attack vector , which is widespread in the industry and exposes massive attack surfaces in corporate networks. The UsbRt vulnerability was first discovered in 2016 and was named Aptiocalypsis. However, due to the complexity of the code, multiple variants of the bug were later discovered.
AMI stated that it “resolved and closed this security issue several years ago”, but these new indications show that it is still in the BIOS, so the Binarly team recommends removing the UsbRt component from future UEFI firmware updates to reduce the footprint. attack. Due to the complexity of the code in this component, it is difficult to maintain this code and absorb an acceptable security risk from running arbitrary code in System Management Mode (SMM).
System management mode refers to a special purpose CPU mode on x86 microcontrollers that is designed to handle system-wide functions such as power management, system hardware control, thermal monitoring, and other manufacturer-developed code owner.
Affected Dell Products and Correction
From the manufacturer, of which at least Binarly acknowledges that “about three months passed from when the problem was reported until the patch was released, when the usual schedule with other providers is almost six months”, they have recommended updating the BIOS of all clients as soon as possible.
Critical vulnerabilities Dell
The full list of affected computers is a mix of Dell products including Alienware, Inspiron, Vostro, and Edge Gateway 3000 Series:
- Alienware 13 R3
- Alienware 15 R3
- Alienware 15 R4
- Alienware 17 R4
- Alienware 17 R5
- Alienware Area 51m R1
- Alienware Area 51m R2
- Alienware Aurora R8
- Alienware m15 R2
- Alienware m15 R3
- Alienware m15 R4
- Alienware m17 R2
- Alienware m17 R3
- Alienware m17 R4
- Alienware x15 R1
- Alienware x17 R1
- Dell Edge Gateway 3000 Series
- Dell Edge Gateway 5000/5100
- Dell Embedded Box PC 3000
- Dell Embedded Box PC 5000
- Inspiron 14 3473
- Inspiron 15 3573
- Inspiron 15 5566
- Inspiron 3277
- Inspiron 3465
- Inspiron 3477
- Inspiron 3482
- Inspiron 3502
- Inspiron 3510
- Inspiron 3565
- Inspiron 3582
- Inspiron 3782
- Latitude 3379
- You 14 5468
- You 15 5568
- vostro 3267
- vostro 3268
- vostro 3572
- vostro 3582
- voice 3660
- you 3667
- you 3668
- you 3669
- Wyse 7040 Thin Client
- XPS 8930