CVE-2022-34403 — Stack-based Buffer Overflow in Dell Alienware M15 R6 Firmware

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.1%

top 83.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Alienware M15 R6 Firmware Dell Alienware M15 R7 Firmware Dell Alienware M15 Ryzen Edition R5 Firmware +81 more

Timeline

PublishedFeb 1

Description

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages84 packages

▶CVEListV5dell/cpg_bios2.15.2

▶NVDdell/g15_5510_firmware< 1.16.0

▶NVDdell/g15_5511_firmware< 1.18.0

▶NVDdell/g15_5515_firmware< 1.8.0

▶NVDdell/g15_5525_firmware< 1.4.3

🔴Vulnerability Details

GHSA

GHSA-f4vh-w8qv-cvrw: Dell BIOS contains a Stack based buffer overflow vulnerability↗2023-02-01

▶

CVEList

CVE-2022-34403: Dell BIOS contains a Stack based buffer overflow vulnerability↗2023-02-01

▶