CVE-2022-34391 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Dell CPG Bios

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.8HIGHNVD

CNA7.5

EPSS

0.0%

top 84.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Alienware Area-51 R4 Firmware Dell Alienware Area-51 R5 Firmware

Timeline

PublishedOct 12

Latest updateOct 13

Description

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5dell/cpg_biosunspecified — 1.2.15

▶NVDdell/alienware_area-51_r4_firmware< 2.0.6

▶NVDdell/alienware_area-51_r5_firmware< 2.0.6

🔴Vulnerability Details

GHSA

GHSA-xvm4-x6jf-7p35: Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability↗2022-10-13

▶

CVEList

CVE-2022-34391: Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability↗2022-10-12

▶