CVE-2022-22566

MEDIUM

Dell Alienware and G-Series Firmware - Authenticated Arbitrary Code Execution via DMA

Title source: llm

Description

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000195905/dsa-2022-028

Scores

CVSS v3 6.9

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-1190

Status published

Products (50)

dell/alienware_area_51m_r1_firmware < 1.16.0

dell/alienware_area_51m_r2_firmware < 1.11.0

dell/alienware_m15_r3_firmware < 1.12.0

dell/alienware_m15_r4_firmware < 1.6.2

dell/alienware_m15_r6_firmware < 1.6.0

dell/alienware_m17_r3_firmware < 1.12.0

dell/alienware_m17_r4_firmware < 1.6.2

dell/chengming_3990_firmware < 1.6.0

dell/chengming_3991_firmware < 1.6.0

dell/g15_5510_firmware < 1.8.0

... and 40 more

Published Feb 09, 2022

Tracked Since Feb 18, 2026