Vulnerabilities > CVE-2022-31226 - Out-of-bounds Write vulnerability in Dell products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

CWE-787

NVD

Published: 2022-09-12

Updated: 2022-09-15

Summary

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Chengming 3900 Firmware - Dell Inspiron 14 Plus 7420 Firmware - Dell Inspiron 16 Plus 7620 Firmware - Dell Inspiron 3910 Firmware - Dell Inspiron 5320 Firmware - Dell Inspiron 5420 Firmware - Dell Inspiron 5620 Firmware - Dell Inspiron 7420 Firmware - Dell Inspiron 7620 Firmware - Dell Optiplex 3000 Firmware - Dell Optiplex 3000 Thin Client Firmware - Dell Optiplex 5000 Firmware - Dell Optiplex 5400 Firmware - Dell Optiplex 7000 Firmware - Dell Optiplex 7000 OEM Firmware * Dell Optiplex 7400 Firmware - Dell Precision 3460 Small Form Factor Firmware - Dell Precision 3660 Tower Firmware * Dell Precision 5770 Firmware - Dell Vostro 3710 Firmware - Dell Vostro 3910 Firmware - Dell Vostro 5320 Firmware - Dell Vostro 5620 Firmware - Dell Vostro 7620 Firmware - Dell XPS 17 9720 Firmware -	25
Hardware	Dell Dell Chengming 3900 - Dell Inspiron 14 Plus 7420 - Dell Inspiron 16 Plus 7620 - Dell Inspiron 3910 - Dell Inspiron 5320 - Dell Inspiron 5420 - Dell Inspiron 5620 - Dell Inspiron 7420 - Dell Inspiron 7620 - Dell Optiplex 3000 - Dell Optiplex 3000 Thin Client - Dell Optiplex 5000 - Dell Optiplex 5400 - Dell Optiplex 7000 - Dell Optiplex 7000 OEM - Dell Optiplex 7400 - Dell Precision 3460 Small Form Factor - Dell Precision 3660 Tower - Dell Precision 5770 - Dell Vostro 3710 - Dell Vostro 3910 - Dell Vostro 5320 - Dell Vostro 5620 - Dell Vostro 7620 - Dell XPS 17 9720 -	25

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dell.com/support/kbdoc/000202196