CVE-2022-24417 — Improper Input Validation in Dell CPG Bios

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUMNVD

CNA7.5

EPSS

0.0%

top 85.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell G5 5505 Firmware Dell Inspiron 22-3275 Firmware +26 more

Timeline

PublishedMay 26

Latest updateMay 27

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages29 packages

▶CVEListV5dell/cpg_biosunspecified — 1.10.0

▶NVDdell/vostro_3405_firmware< 1.5.0

▶NVDdell/vostro_3515_firmware< 1.4.0

▶NVDdell/vostro_5415_firmware< 1.7.1

▶NVDdell/vostro_5515_firmware< 1.7.1

🔴Vulnerability Details

GHSA

GHSA-mcfm-qpjr-xxm3: Dell BIOS contains an improper input validation vulnerability↗2022-05-27

▶

CVEList

CVE-2022-24417: Dell BIOS contains an improper input validation vulnerability↗2022-05-26

▶