CVE-2022-22566

CWE-11903 documents3 sources

Severity

7.2HIGH

EPSS

0.0%

top 87.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

215

Dell CPG Bios Dell Alienware Area 51M R1 Firmware Dell Alienware Area 51M R2 Firmware +212 more

Timeline

PublishedFeb 9

Latest updateFeb 10

Description

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.3 | Impact: 6.0

Affected Packages215 packages

▶CVEListV5dell/cpg_biosunspecified — 1.15

▶NVDdell/g3_3500_firmware< 1.12.0

▶NVDdell/g3_3590_firmware< 1.14.0

▶NVDdell/g5_5000_firmware< 1.4.0

▶NVDdell/g5_5500_firmware< 1.12.0

🔴Vulnerability Details

GHSA

GHSA-q4rx-2jfq-q5g9: Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability↗2022-02-10

▶

CVEList

CVE-2022-22566: Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability↗2022-02-09

▶