Vulnerabilities > CVE-2022-34401 - Out-of-bounds Write vulnerability in Dell products

CVSS 7.5 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

dell

CWE-787

NVD

Published: 2023-01-18

Updated: 2023-11-07

Summary

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Alienware M15 A6 Firmware - Dell Alienware M17 R5 Firmware * Dell G15 5525 Firmware -	3
Hardware	Dell Dell Alienware M15 A6 - Dell Alienware M17 R5 - Dell G15 5525 -	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dell.com/support/kbdoc/000204679