CVE-2022-34399

EPSS 0.04%
Published 18.01.2023 12:15:10
Last modified 21.11.2024 07:09:26
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Alienware M15 A6 Firmware Version < 1.4.3

Dell ≫ Alienware M15 A6 Version-

Dell ≫ Alienware M15 Ryzen Edition R5 Firmware Version < 1.8.0

Dell ≫ Alienware M15 Ryzen Edition R5 Version-

Dell ≫ Alienware M17 Ryzen Edition R5 Firmware Version < 1.4.3

Dell ≫ Alienware M17 Ryzen Edition R5 Version-

Dell ≫ G15 5515 Firmware Version < 1.8.0

Dell ≫ G15 5515 Version-

Dell ≫ G15 5525 Firmware Version < 1.4.3

Dell ≫ G15 5525 Version-

Dell ≫ Inspiron 3505 Firmware Version < 1.9.0

Dell ≫ Inspiron 3505 Version-

Dell ≫ Inspiron 3515 Firmware Version < 1.9.0

Dell ≫ Inspiron 3515 Version-

Dell ≫ Inspiron 3525 Firmware Version < 1.5.0

Dell ≫ Inspiron 3525 Version-

Dell ≫ Inspiron 3585 Firmware Version < 1.10.0

Dell ≫ Inspiron 3585 Version-

Dell ≫ Inspiron 3595 Firmware Version < 1.5.0

Dell ≫ Inspiron 3595 Version-

Dell ≫ Inspiron 3785 Firmware Version < 1.10.0

Dell ≫ Inspiron 3785 Version-

Dell ≫ Vostro 3405 Firmware Version < 1.9.0

Dell ≫ Vostro 3405 Version-

Dell ≫ Vostro 3425 Firmware Version < 1.5.0

Dell ≫ Vostro 3425 Version-

Dell ≫ Vostro 3515 Firmware Version < 1.9.0

Dell ≫ Vostro 3515 Version-

Dell ≫ Vostro 3525 Firmware Version < 1.5.0

Dell ≫ Vostro 3525 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
security_alert@emc.com	5.1	0.8	4.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-805 Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34399

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34399

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34399

EUVD