CVSS: 7.5EPSS: 0%CPEs: 482EXPL: 0CVE-2022-34398
https://notcve.org/view.php?id=CVE-2022-34398
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/000206038 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 671EXPL: 0CVE-2021-36343
https://notcve.org/view.php?id=CVE-2021-36343
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario local malicioso y autenticado podría explotar esta vulnerabilidad al usar un SMI para conseguir una ejecución de código arbitrario en la SMRAM • https://www.dell.com/support/kbdoc/en-us/000193321/dsa-2021-240 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •