CVE-2024-0158

MEDIUM

Dell Alienware M15 R6 Firmware < 1.28.0 - Improper Input Validation

Title source: rule

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

References (1)

Scores

CVSS v3 5.1
EPSS 0.0004
EPSS Percentile 13.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Classification

CWE
CWE-20
Status published

Affected Products (50)

dell/alienware_m15_r6_firmware < 1.28.0
dell/alienware_m15_r7_firmware < 1.28.0
dell/alienware_m16_r1_firmware < 1.15.0
dell/alienware_m18_r1_firmware < 1.15.0
dell/alienware_m18_r2_firmware < 1.2.1
dell/alienware_x14_r2_firmware < 1.12.1
dell/alienware_x16_r1_firmware < 1.12.1
dell/alienware_x16_r2_firmware < 1.2.0
dell/chengming_3900_firmware < 1.20.0
dell/chengming_3910_firmware < 1.12.0
dell/chengming_3911_firmware < 1.12.0
dell/chengming_3990_firmware < 1.26.0
dell/chengming_3991_firmware < 1.26.0
dell/edge_gateway_5000_firmware < 1.27.0
dell/g15_5510_firmware < 1.23.0
... and 35 more

Timeline

Published Jul 02, 2024
Tracked Since Feb 18, 2026