Vulnerability Description
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.8.0 |
| Dell | Alienware M15 R6 | - |
| Dell | Chengming 3980 Firmware | < 2.21.0 |
| Dell | Chengming 3980 | - |
| Dell | Chengming 3988 Firmware | < 1.9.0 |
| Dell | Chengming 3988 | - |
| Dell | Chengming 3990 Firmware | < 1.8.2 |
| Dell | Chengming 3990 | - |
| Dell | Chengming 3991 Firmware | < 1.8.2 |
| Dell | Chengming 3991 | - |
| Dell | G15 5510 Firmware | < 1.8.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.9.0 |
| Dell | G15 5511 | - |
| Dell | G3 15 3590 Firmware | < 1.16.0 |
| Dell | G3 15 3590 | - |
| Dell | G3 3500 Firmware | < 1.12.0 |
| Dell | G3 3500 | - |
| Dell | G3 3579 Firmware | < 1.19.0 |
| Dell | G3 3579 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000202194Vendor Advisory
- https://www.dell.com/support/kbdoc/000202194Vendor Advisory
FAQ
What is CVE-2022-26860?
CVE-2022-26860 is a vulnerability with a CVSS score of 7.5 (HIGH). Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbi...
How severe is CVE-2022-26860?
CVE-2022-26860 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26860?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Chengming 3980 Firmware, Dell Chengming 3980, Dell Chengming 3988 Firmware.