On March 10, Dell announced patches for five SMM vulnerabilities in the UEFI – the successor of the BIOS firmware interface – of 45 device models, including multiple Alienware, Inspiron, and Vostro laptop models.
Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity security bugs (CVSS score of 8.2) are described as improper input validation issues that could allow a local, authenticated attacker to execute arbitrary code on the vulnerable system.
Starting mid-February, Dell has made UEFI updates available for all of the impacted devices, including laptops, edge gateways, and embedded box PCs. Customers are advised to apply the updates as soon as possible.