CVE-2022-34403
moderate-risk
Published 2023-02-01
Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger-than-expected input to a parameter to gain arbitrary code execution in SMRAM.
Do I need to act?
0.05% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 7.5/10 · High · LOCAL / HIGH complexity
Affected Products (20)
Alienware M15 Ryzen Edition R5 Firmware
Alienware M17 R5 Amd Firmware
G15 5515 Firmware
G15 5525 Firmware
G5 Se 5505 Firmware
Inspiron 14 5410 2-In-1 Firmware
Inspiron 3195 2-In-1 Firmware
Inspiron 3275 Firmware
Inspiron 3475 Firmware
Inspiron 3505 Firmware
Inspiron 3515 Firmware
Inspiron 3525 Firmware
Inspiron 3585 Firmware
Inspiron 3595 Firmware
Inspiron 3785 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://www.dell.com/support/kbdoc/000205716
49 / 100 · moderate-risk
Severity: 20/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 29/34 · Critical