The five vulnerabilities are tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. These high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system.
According to Binarly, a firmware security firm, “The active exploitation of all the discovered vulnerabilities can’t be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement. The remote device health attestation solutions will not detect the affected systems due to the design limitations invisibility of the firmware runtime.”
The flaws stem from improper input validation in the System Management Mode (SMM) code of the firmware. This allows locally authenticated bad actors to leverage the system management interrupt (SMI) to achieve arbitrary code execution.
The affected System Management Mode is a special-purpose CPU mode in x86 microcontrollers designed to handle system-wide functions such as power management, system hardware control, thermal monitoring, and other proprietary manufacturer-developed code.
A non-maskable interrupt (SMI) is invoked at runtime every time one of these operations is requested, and it executes the SMM code installed by the BIOS. Because the SMM code executes at the highest privilege level and is invisible to the underlying operating system, it is ripe for abuse to deploy persistent firmware implants.
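As an added illustration of the input-validation failure class described above (example code, not from the advisory or from Dell's firmware), the entry check a hardened SMI handler performs before acting on an OS-supplied request: it copies the communication buffer out of OS-controlled memory before inspecting it and rejects any request whose target range overlaps SMRAM or wraps around the address space. The SMRAM window, the comm-buffer layout and the function names are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed SMRAM window for this example; real firmware reads it from the chipset (TSEG). */
#define SMRAM_BASE 0x80000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* Hypothetical request an OS-side driver places in the SMI communication buffer. */
typedef struct {
    uint64_t dst;       /* caller-chosen destination address */
    uint64_t len;       /* caller-chosen byte count */
    uint8_t  data[64];  /* payload to copy to dst */
} comm_buffer_t;

typedef enum { SMI_OK = 0, SMI_REJECTED = 1 } smi_status_t;

/* True only if [addr, addr + size) lies entirely outside SMRAM.
 * An empty range or a size that wraps the 64-bit address space is treated as unsafe. */
bool buffer_outside_smram(uint64_t addr, uint64_t size,
                          uint64_t smram_base, uint64_t smram_size)
{
    if (size == 0 || addr + size < addr)
        return false;
    uint64_t end = addr + size;
    uint64_t smram_end = smram_base + smram_size;
    return !(addr < smram_end && end > smram_base);
}

/* Entry check an SMI handler runs before touching any caller-supplied pointer. */
smi_status_t validate_comm_request(const comm_buffer_t *cb,
                                   uint64_t smram_base, uint64_t smram_size)
{
    if (cb == NULL)
        return SMI_REJECTED;
    /* The comm buffer itself must live outside SMRAM... */
    if (!buffer_outside_smram((uint64_t)(uintptr_t)cb, sizeof *cb,
                              smram_base, smram_size))
        return SMI_REJECTED;
    /* ...and is copied into SMRAM-local storage so the OS cannot change it
     * between validation and use (TOCTOU). */
    comm_buffer_t local;
    memcpy(&local, cb, sizeof local);
    if (local.len > sizeof local.data)          /* bounds inside the request */
        return SMI_REJECTED;
    if (!buffer_outside_smram(local.dst, local.len, smram_base, smram_size))
        return SMI_REJECTED;                    /* would write into SMRAM */
    return SMI_OK;                              /* safe to service */
}
```

Firmware integrity monitoring cannot observe whether this check exists at runtime, which is why the fix has to ship in the BIOS update itself.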
Dell has also recommended that its users upgrade their BIOS at the “earliest opportunity”, as many of its products, including the Alienware, Inspiron and Vostro line-ups and the Edge Gateway 3000 Series, are impacted.
Binarly researchers said, “The ongoing discovery of these vulnerabilities demonstrate what we describe as ‘repeatable failures’ around the lack of input sanitation or, in general, insecure coding practices.”
Further, they added, “These failures are a direct consequence of the complexity of the codebase or support for legacy components that get less security attention, but are still widely deployed in the field. In many cases, the same vulnerability can be fixed over multiple iterations, and still, the complexity of the attack surface leaves open gaps for malicious exploitation.”