CVE-2021-36283

HIGH

Dell BIOS - Authenticated Arbitrary Code Execution in SMRAM via SMI

Title source: llm

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/000191495/

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (50)

dell/chengming_3990_firmware < 1.3.1

dell/chengming_3991_firmware < 1.3.1

dell/g3_15_3500_firmware < 1.7.1

dell/g3_15_3590_firmware < 1.12.0

dell/g3_15_5500_firmware < 1.7.1

dell/inspiron_3493_firmware < 1.12.0

dell/inspiron_3501_firmware < 1.1.0

dell/inspiron_3593_firmware < 1.12.0

dell/inspiron_3793_firmware < 1.12.0

dell/inspiron_3880_firmware < 1.3.1

... and 40 more

Published Sep 28, 2021

Tracked Since Feb 18, 2026