CVE-2022-26863

MEDIUM

Dell Alienware M15 R5 Firmware < 1.5.0 - Authenticated Security Control Bypass via SMI Input

Title source: llm

Description

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-20

Status published

Products (34)

dell/alienware_m15_r5_firmware < 1.5.0

dell/g15_5515_firmware < 1.6.0

dell/g5_se_5505_firmware < 1.11.0

dell/inspiron_14_5425_firmware < 1.2.1

dell/inspiron_27_7775_firmware < 2.16.1

dell/inspiron_3180_firmware < 1.4.4

dell/inspiron_3185_firmware < 1.4.4

dell/inspiron_3195_firmware < 1.4.1

dell/inspiron_3275_firmware < 1.9.0

dell/inspiron_3475_firmware < 1.9.0

... and 24 more

Published Jun 23, 2022

Tracked Since Feb 18, 2026