CVE-2021-21574 — Stack-based Buffer Overflow in Dell Biosconnect

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.5HIGHNVD

CNA7.2

EPSS

0.1%

top 74.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

129

Dell Biosconnect Dell Alienware M15 R6 Firmware Dell Chengming 3990 Firmware +126 more

Timeline

PublishedJun 24

Latest updateMay 24

Description

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages129 packages

▶CVEListV5dell/biosconnectunspecified — Gen 11, Gen 10

▶NVDdell/g5_5500_firmware< 1.9.0

▶NVDdell/g7_7500_firmware< 1.9.0

▶NVDdell/g7_7700_firmware< 1.9.0

▶NVDdell/g15_5510_firmware< 1.4.0

🔴Vulnerability Details

GHSA

GHSA-666g-rqqj-3462: Dell BIOSConnect feature contains a buffer overflow vulnerability↗2022-05-24

▶

CVEList

CVE-2021-21574: Dell BIOSConnect feature contains a buffer overflow vulnerability↗2021-06-24

▶