Vulnerabilities > CVE-2022-31222 - Missing Release of Resource after Effective Lifetime vulnerability in Dell products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

dell

CWE-772

NVD

Published: 2022-09-12

Updated: 2023-06-29

Summary

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Chengming 3900 Firmware - Dell Inspiron 14 Plus 7420 Firmware - Dell Inspiron 16 Plus 7620 Firmware - Dell Inspiron 3910 Firmware - Dell Inspiron 5320 Firmware - Dell Inspiron 5420 Firmware - Dell Inspiron 5620 Firmware - Dell Inspiron 7420 Firmware - Dell Inspiron 7620 Firmware - Dell Optiplex 3000 Firmware - Dell Optiplex 3000 Thin Client Firmware * Dell Optiplex 5000 Firmware - Dell Optiplex 5400 Firmware - Dell Optiplex 7000 Firmware - Dell Optiplex 7000 OEM Firmware * Dell Optiplex 7400 Firmware - Dell Precision 3460 Small Form Factor Firmware * Dell Precision 3660 Tower Firmware * Dell Precision 5770 Firmware - Dell Vostro 3710 Firmware - Dell Vostro 3910 Firmware - Dell Vostro 5320 Firmware * Dell Vostro 5620 Firmware - Dell Vostro 7620 Firmware * Dell XPS 17 9720 Firmware -	25
Hardware	Dell Dell Chengming 3900 - Dell Inspiron 14 Plus 7420 - Dell Inspiron 16 Plus 7620 - Dell Inspiron 3910 - Dell Inspiron 5320 - Dell Inspiron 5420 - Dell Inspiron 5620 - Dell Inspiron 7420 - Dell Inspiron 7620 - Dell Optiplex 3000 - Dell Optiplex 3000 Thin Client - Dell Optiplex 5000 - Dell Optiplex 5400 - Dell Optiplex 7000 - Dell Optiplex 7000 OEM - Dell Optiplex 7400 - Dell Precision 3460 Small Form Factor - Dell Precision 3660 Tower - Dell Precision 5770 - Dell Vostro 3710 - Dell Vostro 3910 - Dell Vostro 5320 - Dell Vostro 5620 - Dell Vostro 7620 - Dell XPS 17 9720 -	25

Common Weakness Enumeration (CWE)

CWE-772 - Missing Release of Resource after Effective Lifetime

Common Attack Pattern Enumeration and Classification (CAPEC)

HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

References

https://www.dell.com/support/kbdoc/000202196