CVE-2022-34399

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-34399

5.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:alienware_m17_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m17_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g15_5515:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:inspiron_3525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3525:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:vostro_3425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3425:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:vostro_3525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3525:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:09

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 2.3 		v2 : unknown
v3 : 5.1
References () https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios - Vendor Advisory
Information

Published : 2023-01-18 12:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34399

Mitre link : CVE-2022-34399

CVE.ORG link : CVE-2022-34399

JSON object : View

Products Affected

dell

CWE
CWE-805

Buffer Access with Incorrect Length Value

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer