CVE-2022-24420 | Severity.io

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Related CPE's

alienware_13_r3_firmware

Vulnerable

alienware_13_r3

alienware_15_r3_firmware

Vulnerable

alienware_15_r3

alienware_15_r4_firmware

Vulnerable

alienware_15_r4

alienware_17_r4_firmware

Vulnerable

alienware_17_r4

alienware_17_r5_firmware

Vulnerable

alienware_17_r5

alienware_area_51m_r1_firmware

Vulnerable

alienware_area_51m_r1

alienware_area_51m_r2_firmware

Vulnerable

alienware_area_51m_r2

alienware_aurora_r8_firmware

Vulnerable

alienware_aurora_r8

alienware_m15_r2_firmware

Vulnerable

alienware_m15_r2

alienware_m15_r3_firmware

Vulnerable

alienware_m15_r3

alienware_m15_r4_firmware

Vulnerable

alienware_m15_r4

alienware_m17_r2_firmware

Vulnerable

alienware_m17_r2

alienware_m17_r3_firmware

Vulnerable

alienware_m17_r3

alienware_m17_r4_firmware

Vulnerable

alienware_m17_r4

alienware_x15_r1_firmware

Vulnerable

alienware_x15_r1

alienware_x17_r1_firmware

Vulnerable

alienware_x17_r1

edge_gateway_3000_firmware

Vulnerable

edge_gateway_3000

edge_gateway_5000_firmware

Vulnerable

edge_gateway_5000

edge_gateway_5100_firmware

Vulnerable

edge_gateway_5100

embedded_box_pc_3000_firmware

Vulnerable

embedded_box_pc_3000

embedded_box_pc_5000_firmware

Vulnerable

embedded_box_pc_5000

inspiron_14_3473_firmware

Vulnerable

inspiron_14_3473

inspiron_15_3573_firmware

Vulnerable

inspiron_15_3573

inspiron_15_5566_firmware

Vulnerable

inspiron_15_5566

inspiron_3277_firmware

Vulnerable

inspiron_3465_firmware

Vulnerable

inspiron_3477_firmware

Vulnerable

inspiron_3482_firmware

Vulnerable

inspiron_3502_firmware

Vulnerable

inspiron_3510_firmware

Vulnerable

inspiron_3565_firmware

Vulnerable

inspiron_3582_firmware

Vulnerable

inspiron_3782_firmware

Vulnerable

latitude_3379_firmware

Vulnerable

vostro_14_5468_firmware

Vulnerable

vostro_15_5568_firmware

Vulnerable

vostro_3267_firmware

Vulnerable

vostro_3268_firmware

Vulnerable

vostro_3572_firmware

Vulnerable

vostro_3582_firmware

Vulnerable

vostro_3660_firmware

Vulnerable

vostro_3667_firmware

Vulnerable

vostro_3668_firmware

Vulnerable

vostro_3669_firmware

Vulnerable

wyse_7040_thin_client_firmware

Vulnerable

wyse_7040_thin_client

xps_8930_firmware

Vulnerable

References

https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-119

[email protected]

Secondary

CWE-119

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-11T22:15:13.547

3 years ago

Last modified

2023-06-30T18:41:12.827

2 years ago