Vulnerability Description
Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 A6 Firmware | < 1.4.3 |
| Dell | Alienware M15 A6 | - |
| Dell | Alienware M17 R5 Firmware | < 1.4.3 |
| Dell | Alienware M17 R5 | - |
| Dell | G15 5525 Firmware | < 1.4.3 |
| Dell | G15 5525 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000204679Vendor Advisory
- https://www.dell.com/support/kbdoc/000204679Vendor Advisory
FAQ
What is CVE-2022-34401?
CVE-2022-34401 is a vulnerability with a CVSS score of 7.5 (HIGH). Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a...
How severe is CVE-2022-34401?
CVE-2022-34401 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34401?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 A6 Firmware, Dell Alienware M15 A6, Dell Alienware M17 R5 Firmware, Dell Alienware M17 R5, Dell G15 5525 Firmware.