CVE-2022-31226

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.
References
Link Resource
https://www.dell.com/support/kbdoc/000202196 Patch Vendor Advisory
Configurations

Configuration 1

AND
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5320:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5420:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5620:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7420:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7620:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5000:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000_oem:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7400:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660_tower:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:04

Type : References
Values Removed : () https://www.dell.com/support/kbdoc/000202196 - Patch, Vendor Advisory
Values Added : () https://www.dell.com/support/kbdoc/000202196 - Patch, Vendor Advisory

Type : CVSS
Values Removed : v2 : unknown, v3 : 7.8
Values Added : v2 : unknown, v3 : 7.1

Information

Published : 2022-09-12 19:15

Updated : 2024-11-21 07:04


NVD link : CVE-2022-31226

Mitre link : CVE-2022-31226

CVE.ORG link : CVE-2022-31226



Products Affected

dell

  • inspiron_16_plus_7620
  • inspiron_5620
  • precision_3460_small_form_factor_firmware
  • optiplex_3000_thin_client
  • vostro_3710
  • precision_3660_tower_firmware
  • optiplex_5000_firmware
  • optiplex_7000_oem_firmware
  • chengming_3900_firmware
  • precision_5770
  • vostro_3710_firmware
  • inspiron_14_plus_7420_firmware
  • vostro_5320
  • vostro_3910
  • xps_17_9720
  • inspiron_7620
  • inspiron_14_plus_7420
  • precision_3460_small_form_factor
  • inspiron_7620_firmware
  • inspiron_5620_firmware
  • precision_5770_firmware
  • vostro_7620_firmware
  • vostro_7620
  • vostro_5620
  • xps_17_9720_firmware
  • optiplex_5000
  • optiplex_3000
  • optiplex_3000_thin_client_firmware
  • vostro_5320_firmware
  • inspiron_7420
  • optiplex_7000_oem
  • vostro_3910_firmware
  • inspiron_5320_firmware
  • inspiron_5320
  • inspiron_16_plus_7620_firmware
  • optiplex_7400_firmware
  • vostro_5620_firmware
  • inspiron_7420_firmware
  • inspiron_5420_firmware
  • optiplex_7000
  • inspiron_3910_firmware
  • precision_3660_tower
  • inspiron_3910
  • optiplex_5400_firmware
  • optiplex_3000_firmware
  • optiplex_7000_firmware
  • optiplex_5400
  • inspiron_5420
  • optiplex_7400
  • chengming_3900
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write