CVE-2023-28075

CWE-3673 documents3 sources

Severity

6.3MEDIUM

EPSS

0.0%

top 89.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

243

Dell Alienware M15 R7 Firmware Dell Alienware M16 Firmware Dell Alienware M18 Firmware +240 more

Timeline

PublishedAug 16

Description

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.3 | Impact: 6.0

Affected Packages243 packages

▶CVEListV5dell/cpg_biosAll Versions

▶NVDdell/g3_3500_firmware< 1.26.0

▶NVDdell/g15_5520_firmware< 1.18.0

▶NVDdell/g16_7620_firmware< 1.18.0

▶NVDdell/wyse_5470_firmware< 1.20.0

🔴Vulnerability Details

GHSA

GHSA-4frm-gc48-jwjx: Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS↗2023-08-16

▶

CVEList

CVE-2023-28075: Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS↗2023-08-16

▶