CVE-2022-34399

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-34399
Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

5.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:alienware_m17_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:alienware_m17_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g15_5515:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:inspiron_3525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3525:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:vostro_3425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3425:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:vostro_3525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3525:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:09

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios - Vendor Advisory
CVSS v2 : unknown
v3 : 2.3 		v2 : unknown
v3 : 5.1
Summary
  • (es) Las versiones de BIOS Dell Alienware m17 R5 anteriores a 1.2.2 contienen una vulnerabilidad de acceso al búfer. Un usuario malintencionado con privilegios de administrador podría explotar esta vulnerabilidad enviando entradas mayores a las esperadas para filtrar ciertas secciones de SMRAM.
Information

Published : 2023-01-18 12:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34399

Mitre link : CVE-2022-34399

CVE.ORG link : CVE-2022-34399

JSON object : View

Products Affected

dell

  • vostro_3525
  • g15_5515
  • inspiron_3585
  • alienware_m15_ryzen_edition_r5_firmware
  • vostro_3405
  • g15_5515_firmware
  • alienware_m17_ryzen_edition_r5_firmware
  • inspiron_3595_firmware
  • alienware_m15_a6_firmware
  • vostro_3405_firmware
  • vostro_3425
  • inspiron_3515
  • vostro_3515_firmware
  • inspiron_3785_firmware
  • inspiron_3525_firmware
  • alienware_m15_ryzen_edition_r5
  • inspiron_3515_firmware
  • inspiron_3525
  • g15_5525_firmware
  • inspiron_3595
  • alienware_m17_ryzen_edition_r5
  • inspiron_3505_firmware
  • vostro_3515
  • vostro_3425_firmware
  • g15_5525
  • vostro_3525_firmware
  • inspiron_3505
  • inspiron_3785
  • alienware_m15_a6
  • inspiron_3585_firmware
CWE
CWE-805

Buffer Access with Incorrect Length Value

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer