CVE-2022-34399

CWE-805 CWE-119 — Buffer Overflow3 documents3 sources

Severity

2.3LOW

EPSS

0.1%

top 83.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Alienware M15 A6 Firmware Dell Alienware M15 Ryzen Edition R5 Firmware +13 more

Timeline

PublishedJan 18

Description

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NExploitability: 0.8 | Impact: 4.2

Affected Packages16 packages

▶CVEListV5dell/cpg_bios< 1.2.2

▶NVDdell/alienware_m15_a6_firmware< 1.4.3

▶NVDdell/alienware_m15_ryzen_edition_r5_firmware< 1.8.0

▶NVDdell/alienware_m17_ryzen_edition_r5_firmware< 1.4.3

▶NVDdell/g15_5515_firmware< 1.8.0

🔴Vulnerability Details

CVEList

CVE-2022-34399: Dell Alienware m17 R5 BIOS version prior to 1↗2023-01-18

▶

GHSA

GHSA-xcr3-2hg5-6c3w: Dell Alienware m17 R5 BIOS version prior to 1↗2023-01-18

▶