CVE-2022-34390 — Use of Uninitialized Variable in Dell CPG Bios

CWE-457 — Use of Uninitialized Variable CWE-908 — Use of Uninitialized Resource3 documents3 sources

Severity

7.8HIGHNVD

CNA7.5

EPSS

0.0%

top 84.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Alienware Area-51 R4 Firmware Dell Alienware Area-51 R5 Firmware

Timeline

PublishedOct 12

Latest updateOct 13

Description

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5dell/cpg_biosunspecified — 8 MSI Platforms

▶NVDdell/alienware_area-51_r4_firmware< 2.0.6

▶NVDdell/alienware_area-51_r5_firmware< 2.0.6

🔴Vulnerability Details

GHSA

GHSA-g9fm-c939-xc3q: Dell BIOS contains a use of uninitialized variable vulnerability↗2022-10-13

▶

CVEList

CVE-2022-34390: Dell BIOS contains a use of uninitialized variable vulnerability↗2022-10-12

▶