CVE-2022-24415

HIGH

Dell Alienware BIOS < 1.18.0 - Authenticated Arbitrary Code Execution via SMI

Title source: llm

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

Scores

CVSS v3 8.2

EPSS 0.0004

EPSS Percentile 12.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (46)

dell/alienware_13_r3_firmware < 1.16.1

dell/alienware_15_r3_firmware < 1.16.1

dell/alienware_15_r4_firmware < 1.17.0

dell/alienware_17_r4_firmware < 1.16.1

dell/alienware_17_r5_firmware < 1.17.0

dell/alienware_area_51m_r1_firmware < 1.18.0

dell/alienware_area_51m_r2_firmware < 1.13.0

dell/alienware_aurora_r8_firmware < 1.0.20

dell/alienware_m15_r2_firmware < 1.12.0

dell/alienware_m15_r3_firmware < 1.14.0

... and 36 more

Published Mar 11, 2022

Tracked Since Feb 18, 2026