CVE-2022-34399 - Vulnerability Details

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

CPG BIOS

unaffected

Version	Status	Constraints
`0`	affected	< 1.2.2

Configuration 1 [-]

AND

cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:alienware_m17_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_ryzen_edition_r5:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5515:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:inspiron_3525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3525:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:vostro_3425_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3425:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:vostro_3525_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3525:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dell Subscribe	Alienware M15 A6 Subscribe Alienware M15 A6 Firmware Subscribe Alienware M15 Ryzen Edition R5 Subscribe Alienware M15 Ryzen Edition R5 Firmware Subscribe Alienware M17 Ryzen Edition R5 Subscribe Alienware M17 Ryzen Edition R5 Firmware Subscribe G15 5515 Subscribe G15 5515 Firmware Subscribe G15 5525 Subscribe G15 5525 Firmware Subscribe Inspiron 3505 Subscribe Inspiron 3505 Firmware Subscribe Inspiron 3515 Subscribe Inspiron 3515 Firmware Subscribe Inspiron 3525 Subscribe Inspiron 3525 Firmware Subscribe Inspiron 3585 Subscribe Inspiron 3585 Firmware Subscribe Inspiron 3595 Subscribe Inspiron 3595 Firmware Subscribe Inspiron 3785 Subscribe Inspiron 3785 Firmware Subscribe Vostro 3405 Subscribe Vostro 3405 Firmware Subscribe Vostro 3425 Subscribe Vostro 3425 Firmware Subscribe Vostro 3515 Subscribe Vostro 3515 Firmware Subscribe Vostro 3525 Subscribe Vostro 3525 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-37354	Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios

History

Thu, 03 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-01-18T11:20:21.705Z

Updated: 2025-04-03T18:06:10.706Z

Reserved: 2022-06-23T18:55:17.098Z

Link: CVE-2022-34399

Vulnrichment

Updated: 2024-08-03T09:07:16.347Z

NVD

Status : Modified

Published: 2023-01-18T12:15:10.297

Modified: 2024-11-21T07:09:26.500

Link: CVE-2022-34399

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object