CVE-2024-0158

MEDIUM

Dell Alienware and Chengming Firmware - Denial of Service and Privilege Escalation via UEFI Variable Modification

Title source: llm

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability

Scores

CVSS v3 5.1

EPSS 0.0004

EPSS Percentile 14.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (50)

dell/alienware_m15_r6_firmware < 1.28.0

dell/alienware_m15_r7_firmware < 1.28.0

dell/alienware_m16_r1_firmware < 1.15.0

dell/alienware_m18_r1_firmware < 1.15.0

dell/alienware_m18_r2_firmware < 1.2.1

dell/alienware_x14_r2_firmware < 1.12.1

dell/alienware_x16_r1_firmware < 1.12.1

dell/alienware_x16_r2_firmware < 1.2.0

dell/chengming_3900_firmware < 1.20.0

dell/chengming_3910_firmware < 1.12.0

... and 40 more

Published Jul 02, 2024

Tracked Since Feb 18, 2026