4.4
CVE-2022-31222
- EPSS 0.18%
- Veröffentlicht 12.09.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 07:04:10
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Chengming 3900 Firmware Version < 1.1.66
Dell ≫ Inspiron 14 Plus 7420 Firmware Version < 1.2.0
Dell ≫ Inspiron 16 Plus 7620 Firmware Version < 1.2.0
Dell ≫ Inspiron 3910 Firmware Version < 1.1.66
Dell ≫ Inspiron 5320 Firmware Version < 1.1.0
Dell ≫ Inspiron 5420 Firmware Version < 1.4.1
Dell ≫ Inspiron 5620 Firmware Version < 1.4.1
Dell ≫ Inspiron 7420 Firmware Version < 1.3.0
Dell ≫ Inspiron 7620 Firmware Version < 1.3.0
Dell ≫ Optiplex 3000 Firmware Version < 1.1.66
Dell ≫ Optiplex 3000 Thin Client Firmware Version < 1.0.7
Dell ≫ Optiplex 5000 Firmware Version < 1.3.62
Dell ≫ Optiplex 5400 Firmware Version < 1.0.13
Dell ≫ Optiplex 7000 Firmware Version < 1.3.62
Dell ≫ Optiplex 7000 Oem Firmware Version < 1.3.62
Dell ≫ Optiplex 7400 Firmware Version < 1.0.13
Dell ≫ Precision 3460 Small Form Factor Firmware Version < 1.3.62
Dell ≫ Precision 3660 Tower Firmware Version < 1.3.71
Dell ≫ Precision 5770 Firmware Version < 1.6.0
Dell ≫ Vostro 3710 Firmware Version < 1.1.66
Dell ≫ Vostro 3910 Firmware Version < 1.1.66
Dell ≫ Vostro 5320 Firmware Version < 1.1.0
Dell ≫ Vostro 5620 Firmware Version < 1.4.1
Dell ≫ Vostro 7620 Firmware Version < 1.2.0
Dell ≫ Xps 17 9720 Firmware Version < 1.6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.073 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| security_alert@emc.com | 2.3 | 0.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
https://www.dell.com/support/kbdoc/000202196