CVE-2022-34399

CVSS V2 None CVSS V3 None
Description
Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.
Overview
  • CVE ID
  • CVE-2022-34399
  • Assigner
  • security_alert@emc.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-18T12:15:10
  • Last Modified Date
  • 2023-01-26T15:51:32
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CWE-805 http://cwe.mitre.org/data/definitions/805.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:* 1 OR 1.4.3
cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:* 1 OR 1.8.0
cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m17_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:* 1 OR 1.4.3
cpe:2.3:h:dell:alienware_m17_ryzen_edition_r5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:* 1 OR 1.8.0
cpe:2.3:h:dell:g15_5515:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:* 1 OR 1.4.3
cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:* 1 OR 1.9.0
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:* 1 OR 1.9.0
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3525_firmware:*:*:*:*:*:*:*:* 1 OR 1.5.0
cpe:2.3:h:dell:inspiron_3525:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:* 1 OR 1.10.0
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:* 1 OR 1.5.0
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:* 1 OR 1.10.0
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:* 1 OR 1.9.0
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3425_firmware:*:*:*:*:*:*:*:* 1 OR 1.5.0
cpe:2.3:h:dell:vostro_3425:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:* 1 OR 1.9.0
cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3525_firmware:*:*:*:*:*:*:*:* 1 OR 1.5.0
cpe:2.3:h:dell:vostro_3525:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-34399
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34399
History
Created Old Value New Value Data Type Notes
2023-01-18 12:15:47 Added to TrackCVE
2023-01-18 12:15:48 Weakness Enumeration new
2023-01-18 14:15:44 2023-01-18T13:54:48 CVE Modified Date updated
2023-01-18 14:15:44 Received Awaiting Analysis Vulnerability Status updated
2023-01-25 14:13:21 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-26 18:13:55 2023-01-26T15:51:32 CVE Modified Date updated
2023-01-26 18:13:55 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-26 18:13:56 Weakness Enumeration update
2023-01-26 18:13:58 CPE Information updated