CVE-2022-31226 - OpenCVE

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Chengming 3900 Chengming 3900 Firmware Inspiron 14 Plus 7420 Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Inspiron 16 Plus 7620 Firmware Inspiron 3910 Inspiron 3910 Firmware Inspiron 5320 Inspiron 5320 Firmware Inspiron 5420 Inspiron 5420 Firmware Inspiron 5620 Inspiron 5620 Firmware Inspiron 7420 Inspiron 7420 Firmware Inspiron 7620 Inspiron 7620 Firmware Optiplex 3000 Optiplex 3000 Firmware Optiplex 3000 Thin Client Optiplex 3000 Thin Client Firmware Optiplex 5000 Optiplex 5000 Firmware Optiplex 5400 Optiplex 5400 Firmware Optiplex 7000 Optiplex 7000 Firmware Optiplex 7000 Oem Optiplex 7000 Oem Firmware Optiplex 7400 Optiplex 7400 Firmware Precision 3460 Small Form Factor Precision 3460 Small Form Factor Firmware Precision 3660 Tower Precision 3660 Tower Firmware Precision 5770 Precision 5770 Firmware Vostro 3710 Vostro 3710 Firmware Vostro 3910 Vostro 3910 Firmware Vostro 5320 Vostro 5320 Firmware Vostro 5620 Vostro 5620 Firmware Vostro 7620 Vostro 7620 Firmware Xps 17 9720 Xps 17 9720 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5320:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5420:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5620:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7420:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7620:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_3000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_5000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_7000:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_7000_oem:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_7400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3660_tower:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/000202196

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2022-09-12T18:35:22.684202Z

Updated: 2024-09-16T23:05:44.241Z

Reserved: 2022-05-19T00:00:00

Link: CVE-2022-31226

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-12T19:15:09.390

Modified: 2022-09-15T19:25:34.703

Link: CVE-2022-31226

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object