CVE-2023-28075

MEDIUM

Dell Alienware M15 R7 Firmware < 1.18.0 - TOCTOU Race Condition

Title source: rule

Description

Dell BIOS contains a Time-of-check Time-of-use (TOCTOU) vulnerability. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

Scores

CVSS v3: 6.9
EPSS: 0.0003
EPSS Percentile: 9.8%
Attack Vector: PHYSICAL
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE: CWE-367
Status: published

Affected Products (50)

dell/alienware_m15_r7_firmware < 1.18.0
dell/alienware_m16_firmware < 1.10.1
dell/alienware_m18_firmware < 1.10.1
dell/chengming_3900_firmware < 1.15.0
dell/chengming_3901_firmware < 1.15.0
dell/chengming_3910_firmware < 1.6.0
dell/chengming_3911_firmware < 1.6.0
dell/chengming_3980_firmware < 2.32.0
dell/chengming_3990_firmware < 1.21.0
dell/chengming_3991_firmware < 1.21.0
dell/g15_5520_firmware < 1.18.0
dell/g16_7620_firmware < 1.18.0
dell/g3_3500_firmware < 1.26.0
dell/g5_15_5500_firmware < 1.26.0
dell/g5_15_5590_firmware < 1.26.0
... and 35 more

Timeline

Published: Aug 16, 2023
Tracked Since: Feb 18, 2026