CVE-2022-22567
MEDIUM
Dell Alienware and G-Series Firmware - Authenticated BIOS Firmware Modification via Insufficient Verification
Title source: llm
Description
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000195905/dsa-2022-028
Scores
CVSS v3: 4.7
EPSS: 0.0002
EPSS Percentile: 6.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
Details
CWE: CWE-345
Status: published
Products (50)
dell/alienware_area_51m_r1_firmware < 1.16.0
dell/alienware_area_51m_r2_firmware < 1.11.0
dell/alienware_m15_r3_firmware < 1.12.0
dell/alienware_m15_r4_firmware < 1.6.2
dell/alienware_m15_r6_firmware < 1.6.0
dell/alienware_m17_r3_firmware < 1.12.0
dell/alienware_m17_r4_firmware < 1.6.2
dell/chengming_3990_firmware < 1.6.0
dell/chengming_3991_firmware < 1.6.0
dell/g15_5510_firmware < 1.8.0
... and 40 more
Published: Feb 09, 2022
Tracked Since: Feb 18, 2026