CVE-2022-34393

HIGH

Dell G5 SE 5505 Firmware < 1.12.1 - Authenticated Arbitrary Code Execution in SMRAM via SMI

Title source: llm

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/000204686

Scores

CVSS v3 7.5

EPSS 0.0014

EPSS Percentile 32.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (26)

dell/g5_se_5505_firmware < 1.12.1

dell/inspiron_27_7775_firmware < 2.17.0

dell/inspiron_3180_firmware < 1.5.0

dell/inspiron_3185_firmware < 1.5.0

dell/inspiron_3195_2-in-1_firmware < 1.5.0

dell/inspiron_3275_firmware < 1.9.1

dell/inspiron_3475_firmware < 1.9.1

dell/inspiron_3505_firmware < 1.8.0

dell/inspiron_3515_firmware < 1.7.0

dell/inspiron_3585_firmware < 1.9.0

... and 16 more

Published Jan 18, 2023

Tracked Since Feb 18, 2026