CVE-2022-26864

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
dellCNA
6.3 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
dellalienware_m15_r5_firmware
𝑥
< 1.5.0
dellg15_5515_firmware
𝑥
< 1.6.0
dellg5_se_5505_firmware
𝑥
< 1.11.0
dellinspiron_27_7775_firmware
𝑥
< 2.16.1
dellinspiron_14_5425_firmware
𝑥
< 1.2.1
dellinspiron_3275_firmware
𝑥
< 1.9.0
dellinspiron_3475_firmware
𝑥
< 1.9.0
dellinspiron_3180_firmware
𝑥
< 1.4.4
dellinspiron_3185_firmware
𝑥
< 1.4.4
dellinspiron_3195_firmware
𝑥
< 1.4.1
dellinspiron_3505_firmware
𝑥
< 1.6.0
dellinspiron_3515_firmware
𝑥
< 1.5.0
dellinspiron_3525_firmware
𝑥
< 1.3.0
dellinspiron_3585_firmware
𝑥
< 1.7.0
dellinspiron_3595_firmware
𝑥
< 1.3.0
dellinspiron_3785_firmware
𝑥
< 1.7.0
dellinspiron_5405_firmware
𝑥
< 1.7.0
dellinspiron_5415_firmware
𝑥
< 1.9.0
dellinspiron_5415_all-in-one_firmware
𝑥
< 1.5.0
dellinspiron_5485_firmware
𝑥
< 2.8.0
dellinspiron_5505_firmware
𝑥
< 1.7.0
dellinspiron_5515_firmware
𝑥
< 1.9.0
dellinspiron_5575_firmware
𝑥
< 1.6.0
dellinspiron_5585_firmware
𝑥
< 2.8.0
dellinspiron_7375_firmware
𝑥
< 1.7.0
dellinspiron_7405_firmware
𝑥
< 1.8.0
dellinspiron_7415_firmware
𝑥
< 1.9.0
dellinspiron_7425_firmware
𝑥
< 1.2.1
dellvostro_3405_firmware
𝑥
< 1.6.0
dellvostro_3515_firmware
𝑥
< 1.5.0
dellvostro_3525_firmware
𝑥
< 1.3.0
dellvostro_5415_firmware
𝑥
< 1.9.0
dellvostro_5515_firmware
𝑥
< 1.9.0
dellvostro_5625_firmware
𝑥
< 1.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096
https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096