CVE-2021-21572

HIGH

Dell Alienware M15 R6 Firmware < 1.3.3 - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000188682

Scores

CVSS v3 7.2
EPSS 0.0005
EPSS Percentile 13.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (50)
dell/alienware_m15_r6_firmware < 1.3.3
dell/chengming_3990_firmware < 1.4.1
dell/chengming_3991_firmware < 1.4.1
dell/g15_5510_firmware < 1.4.0
dell/g15_5511_firmware < 1.3.3
dell/g3_3500_firmware < 1.9.0
dell/g5_5500_firmware < 1.9.0
dell/g7_7500_firmware < 1.9.0
dell/g7_7700_firmware < 1.9.0
dell/inspiron_14_5418_firmware < 2.1.0_a06
... and 40 more
Published Jun 24, 2021
Tracked Since Feb 18, 2026