CVE-2022-34403

CVSS V2 None CVSS V3 None

Description

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Overview

CVE ID
CVE-2022-34403

Assigner
security_alert@emc.com

Vulnerability Status
Analyzed

Published Version
2023-02-01T06:15:08

Last Modified Date
2023-02-09T20:31:08

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html
CWE-121	http://cwe.mitre.org/data/definitions/121.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:dell:alienware_m15_r6_firmware::::::::	1	OR	1.17.0
cpe:2.3:h:dell:alienware_m15_r6:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:alienware_m15_r7_firmware::::::::	1	OR	1.4.3
cpe:2.3:h:dell:alienware_m15_r7:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware::::::::	1	OR	1.8.0
cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:alienware_m17_r5_amd_firmware::::::::	1	OR	1.4.3
cpe:2.3:h:dell:alienware_m17_r5_amd:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:g15_5510_firmware::::::::	1	OR	1.16.0
cpe:2.3:h:dell:g15_5510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:g15_5511_firmware::::::::	1	OR	1.18.0
cpe:2.3:h:dell:g15_5511:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:g15_5515_firmware::::::::	1	OR	1.8.0
cpe:2.3:h:dell:g15_5515:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:g15_5525_firmware::::::::	1	OR	1.4.3
cpe:2.3:h:dell:g15_5525:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:g5_se_5505_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:g5_se_5505:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_14_5410_2-in-1_firmware::::::::	1	OR	2.15.2
cpe:2.3:h:dell:inspiron_14_5410_2-in-1:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_15_3511_firmware::::::::	1	OR	1.18.2
cpe:2.3:h:dell:inspiron_15_3511:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3195_2-in-1_firmware::::::::	1	OR	1.6.0
cpe:2.3:h:dell:inspiron_3195_2-in-1:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3275_firmware::::::::	1	OR	1.9.2
cpe:2.3:h:dell:inspiron_3275:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3475_firmware::::::::	1	OR	1.9.2
cpe:2.3:h:dell:inspiron_3475:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3505_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:inspiron_3505:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3515_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:inspiron_3515:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3525_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:inspiron_3525:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3585_firmware::::::::	1	OR	1.10.0
cpe:2.3:h:dell:inspiron_3585:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3595_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:inspiron_3595:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3785_firmware::::::::	1	OR	1.10.0
cpe:2.3:h:dell:inspiron_3785:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_3891_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:inspiron_3891:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5310_firmware::::::::	1	OR	2.15.0
cpe:2.3:h:dell:inspiron_5310:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5405_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:inspiron_5405:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5410_firmware::::::::	1	OR	2.14.0
cpe:2.3:h:dell:inspiron_5410:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5415_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:inspiron_5415:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5425_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:inspiron_5425:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5485_firmware::::::::	1	OR	2.11.0
cpe:2.3:h:dell:inspiron_5485:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5485_2-in-1_firmware::::::::	1	OR	2.11.0
cpe:2.3:h:dell:inspiron_5485_2-in-1:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5505_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:inspiron_5505:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5510_firmware::::::::	1	OR	2.15.2
cpe:2.3:h:dell:inspiron_5510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5515_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:inspiron_5515:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_5585_firmware::::::::	1	OR	2.11.0
cpe:2.3:h:dell:inspiron_5585:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_7405_2-in-1_firmware::::::::	1	OR	1.10.1
cpe:2.3:h:dell:inspiron_7405_2-in-1:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_7415_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:inspiron_7415:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_7425_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:inspiron_7425:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_7510_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:inspiron_7510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:inspiron_7610_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:inspiron_7610:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_3320_firmware::::::::	1	OR	1.18.2
cpe:2.3:h:dell:latitude_3320:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_3420_firmware::::::::	1	OR	1.23.2
cpe:2.3:h:dell:latitude_3420:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_3520_firmware::::::::	1	OR	1.23.2
cpe:2.3:h:dell:latitude_3520:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_5320_firmware::::::::	1	OR	1.24.3
cpe:2.3:h:dell:latitude_5320:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_5420_firmware::::::::	1	OR	1.22.0
cpe:2.3:h:dell:latitude_5420:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_5520_firmware::::::::	1	OR	1.24.3
cpe:2.3:h:dell:latitude_5520:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_5521_firmware::::::::	1	OR	1.17.3
cpe:2.3:h:dell:latitude_5521:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_7320_firmware::::::::	1	OR	1.20.0
cpe:2.3:h:dell:latitude_7320:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_7320_detachable_firmware::::::::	1	OR	1.17.2
cpe:2.3:h:dell:latitude_7320_detachable:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_7420_firmware::::::::	1	OR	1.20.0
cpe:2.3:h:dell:latitude_7420:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_7520_firmware::::::::	1	OR	1.20.0
cpe:2.3:h:dell:latitude_7520:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_9420_firmware::::::::	1	OR	1.16.2
cpe:2.3:h:dell:latitude_9420:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_9520_firmware::::::::	1	OR	1.17.0
cpe:2.3:h:dell:latitude_9520:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_rugged_5430_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:latitude_rugged_5430:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_rugged_7330_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:latitude_rugged_7330:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:latitude_5421_firmware::::::::	1	OR	1.15.0
cpe:2.3:h:dell:latitude_5421:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:optiplex_5090_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:optiplex_5090:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:optiplex_5490_all-in-one_firmware::::::::	1	OR	1.15.0
cpe:2.3:h:dell:optiplex_5490_all-in-one:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:optiplex_7090_tower_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:optiplex_7090_tower:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:optiplex_7090_ultra_firmware::::::::	1	OR	1.15.0
cpe:2.3:h:dell:optiplex_7090_ultra:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:optiplex_7090_aio_firmware::::::::	1	OR	1.15.0
cpe:2.3:h:dell:optiplex_7090_aio:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_3450_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:precision_3450:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_3560_firmware::::::::	1	OR	1.24.3
cpe:2.3:h:dell:precision_3560:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_3561_firmware::::::::	1	OR	1.17.3
cpe:2.3:h:dell:precision_3561:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_3650_tower_firmware::::::::	1	OR	1.16.0
cpe:2.3:h:dell:precision_3650_tower:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_5560_firmware::::::::	1	OR	1.15.2
cpe:2.3:h:dell:precision_5560:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_5760_firmware::::::::	1	OR	1.15.2
cpe:2.3:h:dell:precision_5760:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_7560_firmware::::::::	1	OR	1.16.0
cpe:2.3:h:dell:precision_7560:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:precision_7760_firmware::::::::	1	OR	1.16.0
cpe:2.3:h:dell:precision_7760:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3405_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:vostro_3405:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3425_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:vostro_3425:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3510_firmware::::::::	1	OR	1.18.2
cpe:2.3:h:dell:vostro_3510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3515_firmware::::::::	1	OR	1.9.0
cpe:2.3:h:dell:vostro_3515:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3525_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:vostro_3525:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3690_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:vostro_3690:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_3890_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:vostro_3890:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5310_firmware::::::::	1	OR	2.15.0
cpe:2.3:h:dell:vostro_5310:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5410_firmware::::::::	1	OR	2.15.2
cpe:2.3:h:dell:vostro_5410:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5415_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:vostro_5415:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5510_firmware::::::::	1	OR	2.15.2
cpe:2.3:h:dell:vostro_5510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5515_firmware::::::::	1	OR	1.13.0
cpe:2.3:h:dell:vostro_5515:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5625_firmware::::::::	1	OR	1.5.0
cpe:2.3:h:dell:vostro_5625:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_5890_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:vostro_5890:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:vostro_7510_firmware::::::::	1	OR	1.12.0
cpe:2.3:h:dell:vostro_7510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:xps_15_9510_firmware::::::::	1	OR	1.15.2
cpe:2.3:h:dell:xps_15_9510:-:::::::*	0	OR
		AND
cpe:2.3:o:dell:xps_17_9710_firmware::::::::	1	OR	1.15.2
cpe:2.3:h:dell:xps_17_9710:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.dell.com/support/kbdoc/000205716	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-34403
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34403

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 07:02:27				Added to TrackCVE
2023-04-17 07:02:30			Weakness Enumeration	new