CVE-2022-34400

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 84.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Alienware M15 R6 Firmware Dell Alienware M15 R7 Firmware Dell Alienware M15 Ryzen Edition R5 Firmware +81 more

Timeline

PublishedFeb 1

Description

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages84 packages

▶CVEListV5dell/cpg_bios2.15.2

▶NVDdell/g15_5510_firmware< 1.16.0

▶NVDdell/g15_5511_firmware< 1.18.0

▶NVDdell/g15_5515_firmware< 1.8.0

▶NVDdell/g15_5525_firmware< 1.4.3

🔴Vulnerability Details

CVEList

CVE-2022-34400: Dell BIOS contains a heap buffer overflow vulnerability↗2023-02-01

▶

GHSA

GHSA-vjh9-8m4p-gh99: Dell BIOS contains a heap buffer overflow vulnerability↗2023-02-01

▶