CVE-2022-34412

Name: CVE-2022-34412
Creator: NVD / NIST
Published: 2023-03-16T12:15:10.353+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2022-34412 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. . EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.21%

10.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dell	R6515 Firmware	< 2.9.3
Dell	R7515 Firmware	< 2.9.3
Dell	R6525 Firmware	< 2.9.3
Dell	R7525 Firmware	< 2.9.3
Dell	Xe8545 Firmware	< 2.9.4
Dell	C6525 Firmware	All versions
Dell	R6415 Firmware	< 1.19.0
Dell	R7415 Firmware	< 1.19.0
Dell	R7425 Firmware	< 1.19.0
Dell	R750 Firmware	< 1.8.2
Dell	R750xa Firmware	< 1.8.2
Dell	R650 Firmware	< 1.8.2
Dell	C6520 Firmware	< 1.8.2
Dell	Mx750c Firmware	< 1.8.2
Dell	R450 Firmware	< 1.8.2
Dell	R550 Firmware	< 1.8.2
Dell	R650xs Firmware	< 1.8.2
Dell	R750xs Firmware	< 1.8.2
Dell	T550 Firmware	< 1.8.2
Dell	Xr11 Firmware	< 1.8.2
Dell	Xr12 Firmware	< 1.8.2
Dell	R250 Firmware	< 1.4.2
Dell	R350 Firmware	< 1.4.2
Dell	T150 Firmware	< 1.4.2
Dell	T350 Firmware	< 1.4.2
Dell	R740 Firmware	< 2.16.1
Dell	R740xd Firmware	< 2.16.1
Dell	R640 Firmware	< 2.16.1
Dell	R940 Firmware	< 2.16.1
Dell	R540 Firmware	< 2.16.1
Dell	R440 Firmware	< 2.16.1
Dell	T440 Firmware	< 2.16.1
Dell	Xr2 Firmware	< 2.16.1
Dell	R740xd2 Firmware	< 2.16.1
Dell	R840 Firmware	< 2.16.1
Dell	R940xa Firmware	< 2.16.1
Dell	T640 Firmware	< 2.16.1
Dell	C6420 Firmware	< 2.16.1
Dell	Fc640 Firmware	< 2.16.1
Dell	M640 Firmware	< 2.16.1
Dell	M640p Firmware	< 2.16.1
Dell	Mx740c Firmware	< 2.16.1
Dell	Mx840c Firmware	< 2.16.1
Dell	C4140 Firmware	< 2.16.1
Dell	Dss8440 Firmware	< 2.16.1
Dell	T140 Firmware	< 2.11.1
Dell	T340 Firmware	< 2.11.1
Dell	R240 Firmware	< 2.11.1
Dell	R340 Firmware	< 2.11.1
Dell	Xe2420 Firmware	< 2.16.0

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published: Mar 16, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-34412?

How severe is CVE-2022-34412?

CVE-2022-34412 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2022-34412?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-34412?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST