CVE-2022-34391

Published: Oct 12, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Affected (2)

Products: Dell: Alienware Area 51 R5 Firmware, Alienware Area 51 R4 Firmware

Dell

2 products

Alienware Area 51 R5 Firmware

Alienware Area 51 R4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Alienware Area 51 R5 Firmware	Before 2.0.6

Running on/with	Platform Versions
Dell Alienware Area 51 R5	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Alienware Area 51 R4 Firmware	Before 2.0.6

Running on/with	Platform Versions
Dell Alienware Area 51 R4	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.dell.com/support/kbdoc/000203882

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000203882

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.