CVE-2022-31226

moderate-risk

Published 2022-09-12

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

LOCAL / LOW complexity

Affected Products (20)

Chengming 3900 Firmware

Inspiron 14 Plus 7420 Firmware

Inspiron 16 Plus 7620 Firmware

Inspiron 3910 Firmware

Inspiron 5320 Firmware

Inspiron 5420 Firmware

Inspiron 5620 Firmware

Inspiron 7420 Firmware

Inspiron 7620 Firmware

Optiplex 3000 Firmware

Optiplex 3000 Thin Client Firmware

Optiplex 5000 Firmware

Optiplex 5400 Firmware

Optiplex 7000 Firmware

Optiplex 7000 Oem Firmware

Optiplex 7400 Firmware

Precision 3460 Small Form Factor Firmware

Precision 3660 Tower Firmware

Precision 5770 Firmware

Vostro 3710 Firmware

Affected Vendors

Dell

References (2)

Patch https://www.dell.com/support/kbdoc/000202196

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 21/34 · High