Firmware security company Binarly has discovered three new arbitrary code execution vulnerabilities in the System Management Mode components on Dell devices. All three memory corruption flaws in Dell BIOS have been assigned "high" severity ratings and a score of 8.2 on the Common Vulnerability Score System (CVSS).
Running SMM bypasses built-in protections against modifications, which means attackers could potentially install firmware backdoors into the BIOS. The security issues, if exploited, could also be used to bypass the controls in the Unified Extensible Firmware Interface (UEFI) firmware ecosystem (the software interface between the system's operating system and platform firmware) such as Secure Boot and memory isolating for hypervisors.
According to Binarly, exploitation can allow a locally authenticated user to elevate privileges and execute arbitrary code in SMM to install modified firmware or backdoors. Once the firmware has been modified, detecting and removing the malicious code becomes more difficult, Binarly notes.
Affected devices include Dell Edge Gateway 3000 and Dell Inspiron 15 Gaming 7567, Binarly says. Dell has updated the BIOS to address the issues (CVE-2022-24420, CVE-2022-24421, CVE-2022-24419), and organizations are encouraged to download and update "at the earliest opportunity."
The latest vulnerability announcement comes just a month after Binarly's security research team managed the coordinated disclosure of 16 high severity vulnerabilities in HP devices and 23 issues impacting major enterprise vendors.
Binarly refers to all these vulnerabilities as "repeatable failures" because of the lack of input sanitization and insecure coding practices. The complexity of the codebase and the widespread adoption makes it difficult to completely address the issues as they are found. The complexity of the firmware supply chain leads to "an almost infinite source of vulnerabilities," Binarly says in its blog post discussing the latest flaws.
"In many cases, the same vulnerability can be fixed over multiple iterations, and still, the complexity of the attack surface leaves open gaps for malicious exploitation," Binarly says.