Vulnerability Description
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.17.0 |
| Dell | Alienware M15 R6 | - |
| Dell | Alienware M15 R7 Firmware | < 1.4.3 |
| Dell | Alienware M15 R7 | - |
| Dell | Alienware M15 Ryzen Edition R5 Firmware | < 1.8.0 |
| Dell | Alienware M15 Ryzen Edition R5 | - |
| Dell | Alienware M17 R5 Amd Firmware | < 1.4.3 |
| Dell | Alienware M17 R5 Amd | - |
| Dell | G15 5510 Firmware | < 1.16.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.18.0 |
| Dell | G15 5511 | - |
| Dell | G15 5515 Firmware | < 1.8.0 |
| Dell | G15 5515 | - |
| Dell | G15 5525 Firmware | < 1.4.3 |
| Dell | G15 5525 | - |
| Dell | G5 Se 5505 Firmware | < 1.13.0 |
| Dell | G5 Se 5505 | - |
| Dell | Inspiron 14 5410 2-In-1 Firmware | < 2.15.2 |
| Dell | Inspiron 14 5410 2-In-1 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000205716Vendor Advisory
- https://www.dell.com/support/kbdoc/000205716Vendor Advisory
FAQ
What is CVE-2022-34403?
CVE-2022-34403 is a vulnerability with a CVSS score of 7.5 (HIGH). Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a par...
How severe is CVE-2022-34403?
CVE-2022-34403 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34403?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Alienware M15 R7 Firmware, Dell Alienware M15 R7, Dell Alienware M15 Ryzen Edition R5 Firmware.