Vulnerability Description
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.17.0 |
| Dell | Alienware M15 R6 | - |
| Dell | Alienware M15 R7 Firmware | < 1.4.3 |
| Dell | Alienware M15 R7 | - |
| Dell | Alienware M15 Ryzen Edition R5 Firmware | < 1.8.0 |
| Dell | Alienware M15 Ryzen Edition R5 | - |
| Dell | Alienware M17 R5 Amd Firmware | < 1.4.3 |
| Dell | Alienware M17 R5 Amd | - |
| Dell | G15 5510 Firmware | < 1.16.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.18.0 |
| Dell | G15 5511 | - |
| Dell | G15 5515 Firmware | < 1.8.0 |
| Dell | G15 5515 | - |
| Dell | G15 5525 Firmware | < 1.4.3 |
| Dell | G15 5525 | - |
| Dell | G5 Se 5505 Firmware | < 1.13.0 |
| Dell | G5 Se 5505 | - |
| Dell | Inspiron 14 5410 2-In-1 Firmware | < 2.15.2 |
| Dell | Inspiron 14 5410 2-In-1 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327Vendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327Vendor Advisory
FAQ
What is CVE-2022-34400?
CVE-2022-34400 is a vulnerability with a CVSS score of 7.1 (HIGH). Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
How severe is CVE-2022-34400?
CVE-2022-34400 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34400?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Alienware M15 R7 Firmware, Dell Alienware M15 R7, Dell Alienware M15 Ryzen Edition R5 Firmware.