Vulnerability Description
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | G5 Se 5505 Firmware | < 1.12.1 |
| Dell | G5 Se 5505 | - |
| Dell | Inspiron 27 7775 Firmware | < 2.17.0 |
| Dell | Inspiron 27 7775 | - |
| Dell | Inspiron 3180 Firmware | < 1.5.0 |
| Dell | Inspiron 3180 | - |
| Dell | Inspiron 3185 Firmware | < 1.5.0 |
| Dell | Inspiron 3185 | - |
| Dell | Inspiron 3195 2-In-1 Firmware | < 1.5.0 |
| Dell | Inspiron 3195 2-In-1 | - |
| Dell | Inspiron 3275 Firmware | < 1.9.1 |
| Dell | Inspiron 3275 | - |
| Dell | Inspiron 3475 Firmware | < 1.9.1 |
| Dell | Inspiron 3475 | - |
| Dell | Inspiron 3505 Firmware | < 1.8.0 |
| Dell | Inspiron 3505 | - |
| Dell | Inspiron 3515 Firmware | < 1.7.0 |
| Dell | Inspiron 3515 | - |
| Dell | Inspiron 3585 Firmware | < 1.9.0 |
| Dell | Inspiron 3585 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000204686Vendor Advisory
- https://www.dell.com/support/kbdoc/000204686Vendor Advisory
FAQ
What is CVE-2022-34460?
CVE-2022-34460 is a vulnerability with a CVSS score of 7.5 (HIGH). Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code exe...
How severe is CVE-2022-34460?
CVE-2022-34460 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34460?
Check the references section above for vendor advisories and patch information. Affected products include: Dell G5 Se 5505 Firmware, Dell G5 Se 5505, Dell Inspiron 27 7775 Firmware, Dell Inspiron 27 7775, Dell Inspiron 3180 Firmware.