CVE-2022-32493 — Stack-based Buffer Overflow in Dell CPG Bios

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

CNA6.0

EPSS

0.0%

top 87.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

291

Dell CPG Bios Dell Alienware Area 51M R1 Firmware Dell Alienware Area 51M R2 Firmware +288 more

Timeline

PublishedOct 12

Latest updateOct 13

Description

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages291 packages

▶CVEListV5dell/cpg_biosunspecified — XPS 8940 BIOS (version: 2.5.1)

▶NVDdell/g3_3579_firmware< 1.22.0

▶NVDdell/g3_3779_firmware< 1.22.0

▶NVDdell/g5_5000_firmware< 1.10.0

▶NVDdell/g5_5090_firmware< 1.15.0

🔴Vulnerability Details

GHSA

GHSA-pp39-mm75-97q9: Dell BIOS contains an Stack-Based Buffer Overflow vulnerability↗2022-10-13

▶

CVEList

CVE-2022-32493: Dell BIOS contains an Stack-Based Buffer Overflow vulnerability↗2022-10-12

▶