CVE-2022-26861
published 2022-09-06CVE-2022-26861: Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
Affected
400 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | alienware_m15_r6_firmware | < 1.8.0 | 1.8.0 |
| dell | chengming_3980_firmware | < 2.21.0 | 2.21.0 |
| dell | chengming_3988_firmware | < 1.9.0 | 1.9.0 |
| dell | chengming_3990_firmware | < 1.8.2 | 1.8.2 |
| dell | chengming_3991_firmware | < 1.8.2 | 1.8.2 |
| dell | cpg_bios | >= unspecified < Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4 | Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4 |
| dell | edge_gateway_3000_firmware | < 1.8.0 | 1.8.0 |
| dell | edge_gateway_5000_firmware | < 1.18.0 | 1.18.0 |
| dell | embedded_box_pc_3000_firmware | < 1.14.0 | 1.14.0 |
| dell | embedded_box_pc_5000_firmware | < 1.15.0 | 1.15.0 |
| dell | g15_5510_firmware | < 1.8.0 | 1.8.0 |
| dell | g15_5511_firmware | < 1.9.0 | 1.9.0 |
| dell | g3_15_3590_firmware | < 1.16.0 | 1.16.0 |
| dell | g3_3500_firmware | < 1.12.0 | 1.12.0 |
| dell | g3_3579_firmware | < 1.19.0 | 1.19.0 |
| dell | g5_15_5587_firmware | < 1.19.0 | 1.19.0 |
| dell | g5_15_5590_firmware | < 1.18.0 | 1.18.0 |
| dell | g5_5000_firmware | < 1.5.1 | 1.5.1 |
| dell | g5_5090_firmware | < 1.12.0 | 1.12.0 |
| dell | g5_5500_firmware | < 1.12.0 | 1.12.0 |
| dell | g7_17_7700_firmware | < 1.12.0 | 1.12.0 |
| dell | g7_17_7790_firmware | < 1.18.0 | 1.18.0 |
| dell | g7_7500_firmware | < 1.12.0 | 1.12.0 |
| dell | g7_7588_firmware | < 1.19.0 | 1.19.0 |
| dell | inspiron_13_5378_firmware | < 1.36.0 | 1.36.0 |