CVE-2022-26864 — Improper Input Validation in Dell CPG Bios

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

CNA6.3

EPSS

0.0%

top 89.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Alienware M15 R5 Firmware Dell G15 5515 Firmware +32 more

Timeline

PublishedJun 23

Latest updateJun 24

Description

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages35 packages

▶CVEListV5dell/cpg_biosunspecified — 1.5.0

▶NVDdell/g15_5515_firmware< 1.6.0

▶NVDdell/g5_se_5505_firmware< 1.11.0

▶NVDdell/vostro_3405_firmware< 1.6.0

▶NVDdell/vostro_3515_firmware< 1.5.0

🔴Vulnerability Details

GHSA

GHSA-rw55-9h5c-57pv: Prior Dell BIOS versions contain an Input Validation vulnerability↗2022-06-24

▶

CVEList

CVE-2022-26864: Prior Dell BIOS versions contain an Input Validation vulnerability↗2022-06-23

▶