Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.





Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Dell
  • G5 Se 5505
  • G5 Se 5505 Firmware
  • Inspiron 27 7775
  • Inspiron 27 7775 Firmware
  • Inspiron 3180
  • Inspiron 3180 Firmware
  • Inspiron 3185
  • Inspiron 3185 Firmware
  • Inspiron 3195 2-in-1
  • Inspiron 3195 2-in-1 Firmware
  • Inspiron 3275
  • Inspiron 3275 Firmware
  • Inspiron 3475
  • Inspiron 3475 Firmware
  • Inspiron 3505
  • Inspiron 3505 Firmware
  • Inspiron 3515
  • Inspiron 3515 Firmware
  • Inspiron 3585
  • Inspiron 3585 Firmware
  • Inspiron 3595
  • Inspiron 3595 Firmware
  • Inspiron 3785
  • Inspiron 3785 Firmware
  • Inspiron 5405
  • Inspiron 5405 Firmware
  • Inspiron 5415
  • Inspiron 5415 Firmware
  • Inspiron 5485
  • Inspiron 5485 2-in-1
  • Inspiron 5485 2-in-1 Firmware
  • Inspiron 5485 Firmware
  • Inspiron 5505
  • Inspiron 5505 Firmware
  • Inspiron 5515
  • Inspiron 5515 Firmware
  • Inspiron 5585
  • Inspiron 5585 Firmware
  • Inspiron 7375
  • Inspiron 7375 Firmware
  • Inspiron 7405 2-in-1
  • Inspiron 7405 2-in-1 Firmware
  • Inspiron 7415
  • Inspiron 7415 Firmware
  • Vostro 3405
  • Vostro 3405 Firmware
  • Vostro 3515
  • Vostro 3515 Firmware
  • Vostro 5415
  • Vostro 5415 Firmware
  • Vostro 5515
  • Vostro 5515 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:dell:g5_se_5505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_se_5505:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dell:inspiron_3195_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3195_2-in-1:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dell:inspiron_3275_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3275:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dell:inspiron_3475_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3475:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:dell:inspiron_5485_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5485_2-in-1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:dell:inspiron_7405_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7405_2-in-1:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-37348 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.dell.com/support/kbdoc/000204686 cve-icon cve-icon
History

Thu, 03 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2025-04-03T19:38:19.876Z

Reserved: 2022-06-23T18:55:17.093Z

Link: CVE-2022-34393

cve-icon Vulnrichment

Updated: 2024-08-03T09:07:16.287Z

cve-icon NVD

Status : Modified

Published: 2023-01-18T06:15:11.413

Modified: 2024-11-21T07:09:25.563

Link: CVE-2022-34393

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.