Vulnerability Description
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.8.0 |
| Dell | Alienware M15 R6 | - |
| Dell | Chengming 3980 Firmware | < 2.21.0 |
| Dell | Chengming 3980 | - |
| Dell | Chengming 3988 Firmware | < 1.9.0 |
| Dell | Chengming 3988 | - |
| Dell | Chengming 3990 Firmware | < 1.8.2 |
| Dell | Chengming 3990 | - |
| Dell | Chengming 3991 Firmware | < 1.8.2 |
| Dell | Chengming 3991 | - |
| Dell | G15 5510 Firmware | < 1.8.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.9.0 |
| Dell | G15 5511 | - |
| Dell | G3 15 3590 Firmware | < 1.16.0 |
| Dell | G3 15 3590 | - |
| Dell | G3 3500 Firmware | < 1.12.0 |
| Dell | G3 3500 | - |
| Dell | G3 3579 Firmware | < 1.19.0 |
| Dell | G3 3579 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000202194Vendor Advisory
- https://www.dell.com/support/kbdoc/000202194Vendor Advisory
FAQ
What is CVE-2022-26859?
CVE-2022-26859 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.
How severe is CVE-2022-26859?
CVE-2022-26859 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26859?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Chengming 3980 Firmware, Dell Chengming 3980, Dell Chengming 3988 Firmware.