CVE-2023-28075
MEDIUMDell Alienware and Chengming Firmware - Authenticated Arbitrary Code Execution via DMA Transaction Timing
Title source: llmDescription
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability
Scores
CVSS v3
6.9
EPSS
0.0004
EPSS Percentile
12.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (50)
dell/alienware_m15_r7_firmware
< 1.18.0
dell/alienware_m16_firmware
< 1.10.1
dell/alienware_m18_firmware
< 1.10.1
dell/chengming_3900_firmware
< 1.15.0
dell/chengming_3901_firmware
< 1.15.0
dell/chengming_3910_firmware
< 1.6.0
dell/chengming_3911_firmware
< 1.6.0
dell/chengming_3980_firmware
< 2.32.0
dell/chengming_3990_firmware
< 1.21.0
dell/chengming_3991_firmware
< 1.21.0
... and 40 more
Published
Aug 16, 2023
Tracked Since
Feb 18, 2026