CVE-2022-34403

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
dellCNA
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
dellalienware_m15_r6_firmware
𝑥
< 1.17.0
dellalienware_m15_r7_firmware
𝑥
< 1.4.3
dellalienware_m15_ryzen_edition_r5_firmware
𝑥
< 1.8.0
dellalienware_m17_r5_amd_firmware
𝑥
< 1.4.3
dellg15_5510_firmware
𝑥
< 1.16.0
dellg15_5511_firmware
𝑥
< 1.18.0
dellg15_5515_firmware
𝑥
< 1.8.0
dellg15_5525_firmware
𝑥
< 1.4.3
dellg5_se_5505_firmware
𝑥
< 1.13.0
dellinspiron_14_5410_2-in-1_firmware
𝑥
< 2.15.2
dellinspiron_15_3511_firmware
𝑥
< 1.18.2
dellinspiron_3195_2-in-1_firmware
𝑥
< 1.6.0
dellinspiron_3275_firmware
𝑥
< 1.9.2
dellinspiron_3475_firmware
𝑥
< 1.9.2
dellinspiron_3505_firmware
𝑥
< 1.9.0
dellinspiron_3515_firmware
𝑥
< 1.9.0
dellinspiron_3525_firmware
𝑥
< 1.5.0
dellinspiron_3585_firmware
𝑥
< 1.10.0
dellinspiron_3595_firmware
𝑥
< 1.5.0
dellinspiron_3785_firmware
𝑥
< 1.10.0
dellinspiron_3891_firmware
𝑥
< 1.12.0
dellinspiron_5310_firmware
𝑥
< 2.15.0
dellinspiron_5405_firmware
𝑥
< 1.9.0
dellinspiron_5410_firmware
𝑥
< 2.14.0
dellinspiron_5415_firmware
𝑥
< 1.13.0
dellinspiron_5425_firmware
𝑥
< 1.5.0
dellinspiron_5485_firmware
𝑥
< 2.11.0
dellinspiron_5485_2-in-1_firmware
𝑥
< 2.11.0
dellinspiron_5505_firmware
𝑥
< 1.9.0
dellinspiron_5510_firmware
𝑥
< 2.15.2
dellinspiron_5515_firmware
𝑥
< 1.13.0
dellinspiron_5585_firmware
𝑥
< 2.11.0
dellinspiron_7405_2-in-1_firmware
𝑥
< 1.10.1
dellinspiron_7415_firmware
𝑥
< 1.13.0
dellinspiron_7425_firmware
𝑥
< 1.5.0
dellinspiron_7510_firmware
𝑥
< 1.12.0
dellinspiron_7610_firmware
𝑥
< 1.12.0
delllatitude_3320_firmware
𝑥
< 1.18.2
delllatitude_3420_firmware
𝑥
< 1.23.2
delllatitude_3520_firmware
𝑥
< 1.23.2
delllatitude_5320_firmware
𝑥
< 1.24.3
delllatitude_5420_firmware
𝑥
< 1.22.0
delllatitude_5520_firmware
𝑥
< 1.24.3
delllatitude_5521_firmware
𝑥
< 1.17.3
delllatitude_7320_firmware
𝑥
< 1.20.0
delllatitude_7320_detachable_firmware
𝑥
< 1.17.2
delllatitude_7420_firmware
𝑥
< 1.20.0
delllatitude_7520_firmware
𝑥
< 1.20.0
delllatitude_9420_firmware
𝑥
< 1.16.2
delllatitude_9520_firmware
𝑥
< 1.17.0
delllatitude_rugged_5430_firmware
𝑥
< 1.12.0
delllatitude_rugged_7330_firmware
𝑥
< 1.12.0
delllatitude_5421_firmware
𝑥
< 1.15.0
delloptiplex_5090_firmware
𝑥
< 1.12.0
delloptiplex_5490_all-in-one_firmware
𝑥
< 1.15.0
delloptiplex_7090_tower_firmware
𝑥
< 1.12.0
delloptiplex_7090_ultra_firmware
𝑥
< 1.15.0
delloptiplex_7090_aio_firmware
𝑥
< 1.15.0
dellprecision_3450_firmware
𝑥
< 1.12.0
dellprecision_3560_firmware
𝑥
< 1.24.3
dellprecision_3561_firmware
𝑥
< 1.17.3
dellprecision_3650_tower_firmware
𝑥
< 1.16.0
dellprecision_5560_firmware
𝑥
< 1.15.2
dellprecision_5760_firmware
𝑥
< 1.15.2
dellprecision_7560_firmware
𝑥
< 1.16.0
dellprecision_7760_firmware
𝑥
< 1.16.0
dellvostro_3405_firmware
𝑥
< 1.9.0
dellvostro_3425_firmware
𝑥
< 1.5.0
dellvostro_3510_firmware
𝑥
< 1.18.2
dellvostro_3515_firmware
𝑥
< 1.9.0
dellvostro_3525_firmware
𝑥
< 1.5.0
dellvostro_3690_firmware
𝑥
< 1.12.0
dellvostro_3890_firmware
𝑥
< 1.12.0
dellvostro_5310_firmware
𝑥
< 2.15.0
dellvostro_5410_firmware
𝑥
< 2.15.2
dellvostro_5415_firmware
𝑥
< 1.13.0
dellvostro_5510_firmware
𝑥
< 2.15.2
dellvostro_5515_firmware
𝑥
< 1.13.0
dellvostro_5625_firmware
𝑥
< 1.5.0
dellvostro_5890_firmware
𝑥
< 1.12.0
dellvostro_7510_firmware
𝑥
< 1.12.0
dellxps_15_9510_firmware
𝑥
< 1.15.2
dellxps_17_9710_firmware
𝑥
< 1.15.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/000205716
https://www.dell.com/support/kbdoc/000205716