CVE-2022-34399

MEDIUM

5.1

Beschreibung

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

CVE Details

CVSS v3.1 Bewertung5.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht1/18/2023

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

dell:alienware_m15_a6dell:alienware_m15_a6_firmwaredell:alienware_m15_ryzen_edition_r5dell:alienware_m15_ryzen_edition_r5_firmwaredell:alienware_m17_ryzen_edition_r5dell:alienware_m17_ryzen_edition_r5_firmwaredell:g15_5515dell:g15_5515_firmwaredell:g15_5525dell:g15_5525_firmwaredell:inspiron_3505dell:inspiron_3505_firmwaredell:inspiron_3515dell:inspiron_3515_firmwaredell:inspiron_3525dell:inspiron_3525_firmwaredell:inspiron_3585dell:inspiron_3585_firmwaredell:inspiron_3595dell:inspiron_3595_firmwaredell:inspiron_3785dell:inspiron_3785_firmwaredell:vostro_3405dell:vostro_3405_firmwaredell:vostro_3425dell:vostro_3425_firmwaredell:vostro_3515dell:vostro_3515_firmwaredell:vostro_3525dell:vostro_3525_firmware

Schwachen (CWE)

CWE-805CWE-119

Referenzen

https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios(security_alert@emc.com)

https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.