CVE-2022-34400
high-risk
Published 2023-02-01
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
Do I need to act?
0.05% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.1/10 · High · LOCAL / LOW complexity
Affected Products (20)
Alienware M15 Ryzen Edition R5 Firmware
Alienware M17 R5 Amd Firmware
G15 5515 Firmware
G15 5525 Firmware
G5 Se 5505 Firmware
Inspiron 14 5410 2-In-1 Firmware
Inspiron 3195 2-In-1 Firmware
Inspiron 3275 Firmware
Inspiron 3475 Firmware
Inspiron 3505 Firmware
Inspiron 3515 Firmware
Inspiron 3525 Firmware
Inspiron 3585 Firmware
Inspiron 3595 Firmware
Inspiron 3785 Firmware
References (2)
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327
51 / 100 · high-risk
Severity: 22/34 · High
Exploitability: 0/34 · Minimal
Exposure: 29/34 · Critical