CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0CVE-2022-34403
https://notcve.org/view.php?id=CVE-2022-34403
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0CVE-2022-34400
https://notcve.org/view.php?id=CVE-2022-34400
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. • https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 0CVE-2022-34399
https://notcve.org/view.php?id=CVE-2022-34399
Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM. Las versiones de BIOS Dell Alienware m17 R5 anteriores a 1.2.2 contienen una vulnerabilidad de acceso al búfer. Un usuario malintencionado con privilegios de administrador podría explotar esta vulnerabilidad enviando entradas mayores a las esperadas para filtrar ciertas secciones de SMRAM. • https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34460
https://notcve.org/view.php?id=CVE-2022-34460
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Las versiones anteriores del BIOS de Dell contienen una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso que se haya autenticado en local puede explotar esta vulnerabilidad utilizando un SMI para obtener la ejecución de código arbitrario en SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34393
https://notcve.org/view.php?id=CVE-2022-34393
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso autenticado local podría explotar esta vulnerabilidad utilizando un SMI para obtener la ejecución de código arbitrario en SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •