New vulnerabilities in Dell BIOS, including some that might be exploited to execute code on affected computers, have been discovered by researchers. There are five high-severity vulnerabilities, tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24420, and CVE-2022-24421, that require utmost attention.
Firmware security company Binarly, which found three of the vulnerabilities, claims that active exploitation of all of the reported weaknesses cannot be detected by firmware integrity monitoring solutions due to restrictions in the Trusted Platform Module (TPM) measurement. According to that explanation, technical limitations prevent remote device health attestation solutions from detecting infected systems.
At the same time, the reported flaws affect the System Management Mode (SMM) of the firmware, allowing locally authenticated attackers to exploit system management interrupt (SMI) vulnerabilities to gain arbitrary code execution.
The term “System Management Mode” refers to a special-purpose CPU mode in x86 microcontrollers that is meant for performing system-wide functions such as power management, hardware control, and thermal monitoring, as well as running other proprietary manufacturer-developed code.
At runtime, a non-maskable interrupt (SMI) executes SMM code installed by the BIOS whenever one of these operations is requested. Persistent firmware implants can be easily deployed using SMM code since it runs at the highest privilege level and is completely invisible to the operating system.
Researchers at Binarly explain that the continued discovery of such flaws points to “repeatable failures” in input sanitation or insecure coding practices in general. They attribute these issues to a complex codebase or to support for legacy components that have received less attention but are still widely deployed in the field. In many circumstances, the same vulnerability can be addressed many times, yet the attack surface’s complexity still leaves holes open for malicious exploitation.
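The input-validation failure class described above, as an added C illustration that is not Dell's or Binarly's code and does not reproduce the reported CVEs: a hypothetical SMI handler checks that the buffer address and length supplied by the operating system do not wrap around and do not overlap SMRAM (the protected memory SMM code runs from) before touching the buffer. The SMRAM window, function names, and status codes are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for illustration; real firmware obtains it from the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* Hypothetical handler status codes. */
enum { SMI_OK = 0, SMI_REJECTED = 1 };

/* True only if [addr, addr+len) is non-empty, does not wrap, and lies wholly outside SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)   /* reject empty and wrapping ranges */
        return false;
    uint64_t end = addr + len;                 /* exclusive end; cannot overflow here */
    return end <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

/* Hypothetical SMI handler entry: validate the caller-supplied buffer before any access. */
int smi_handler_checked(uint64_t comm_addr, uint64_t comm_len)
{
    if (!buffer_outside_smram(comm_addr, comm_len))
        return SMI_REJECTED;
    /* A real handler would now copy the request into SMRAM-local storage and
       parse only that copy, so the OS cannot change it after validation. */
    return SMI_OK;
}

int main(void)
{
    /* Constructed sample requests: {address, length}. */
    const uint64_t cases[][2] = {
        {0x0000000000001000ULL, 0x100},  /* ordinary OS memory */
        {0x000000007EFFFFF0ULL, 0x20},   /* straddles the SMRAM base */
        {0x000000007F000100ULL, 0x10},   /* inside SMRAM */
        {0xFFFFFFFFFFFFFFF0ULL, 0x20},   /* address + length wraps around */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("addr=0x%016llx len=0x%llx -> %s\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               smi_handler_checked(cases[i][0], cases[i][1]) == SMI_OK ? "accepted" : "rejected");
    return 0;
}
```

A handler that skips the wrap check, or compares only the start address against the SMRAM window, would accept the second and fourth requests.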
Dell has advised its customers to upgrade their BIOS as soon as possible on Alienware, Inspiron, Vostro, and Edge Gateway 3000 Series computers in response to the vulnerability disclosure.