CVE-2022-34405

Published: Jan 26, 2023Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Affected (7)

Products: Dell: Realtek High Definition Audio Driver

Dell

1 product

Realtek High Definition Audio Driver

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9433.1

Running on/with	Platform Versions
Dell Alienware M15 Ryzen Edition R5	All versions
Dell G15 5515	All versions

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9400.1

Running on/with	Platform Versions
Dell Alienware M15 R6	All versions
Dell G15 5510	All versions
Dell G15 5511	All versions

Configuration C

1 vulnerable · 20 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9394.1

Running on/with	Platform Versions
Dell Alienware Area 51m R1	All versions
Dell Alienware Area 51m R2	All versions
Dell Alienware Aurora R10	All versions
Dell Alienware Aurora R11	All versions
Dell Alienware Aurora R12	All versions
Dell Alienware Aurora R8	All versions
Dell Alienware Aurora R9	All versions
Dell Alienware M15 R1	All versions
Dell Alienware M15 R2	All versions
Dell Alienware M15 R3	All versions
Dell Alienware M15 R4	All versions
Dell Alienware M17 R1	All versions
Dell Alienware M17 R2	All versions
Dell Alienware M17 R3	All versions
Dell Alienware M17 R4	All versions
Dell G5 5000	All versions
Dell G5 5090	All versions
Dell G5 5590	All versions
Dell G7 7590	All versions
Dell G7 7790	All versions

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9407.1

Running on/with	Platform Versions
Dell G7 7500	All versions
Dell G7 7700	All versions

Configuration E

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9388.1

Running on/with	Platform Versions
Dell Alienware Aurora R13	All versions
Dell Alienware X15 R1	All versions
Dell Alienware X17 R1	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9254.1

Running on/with	Platform Versions
Dell G3 3590	All versions

Configuration G

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Realtek High Definition Audio Driver	Before 6.0.9422.1

Running on/with	Platform Versions
Dell G3 3500	All versions
Dell G5 5500	All versions

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.