CVE-2022-34403

HIGH

Dell Alienware and Inspiron Firmware - Authenticated Stack-based Buffer Overflow via SMI Parameter

Title source: llm

Description

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/000205716

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-121 CWE-787

Status published

Products (50)

dell/alienware_m15_r6_firmware < 1.17.0

dell/alienware_m15_r7_firmware < 1.4.3

dell/alienware_m15_ryzen_edition_r5_firmware < 1.8.0

dell/alienware_m17_r5_amd_firmware < 1.4.3

dell/g15_5510_firmware < 1.16.0

dell/g15_5511_firmware < 1.18.0

dell/g15_5515_firmware < 1.8.0

dell/g15_5525_firmware < 1.4.3

dell/g5_se_5505_firmware < 1.13.0

dell/inspiron_14_5410_2-in-1_firmware < 2.15.2

... and 40 more

Published Feb 01, 2023

Tracked Since Feb 18, 2026