CVE-2022-34390

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/000203882	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:alienware_area-51_r5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area-51_r5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:alienware_area-51_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area-51_r4:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-12 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-34390

Mitre link : CVE-2022-34390

CVE.ORG link : CVE-2022-34390

JSON object : View

Products Affected

dell

alienware_area-51_r4
alienware_area-51_r5
alienware_area-51_r5_firmware
alienware_area-51_r4_firmware

CWE

CWE-908

Use of Uninitialized Resource

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2022-34390", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2022-10-12T20:15:11.117", "references": [{"url": "https://www.dell.com/support/kbdoc/000203882", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."}, {"lang": "es", "value": "Dell BIOS contiene una vulnerabilidad de uso de variables no inicializadas. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad al usar una SMI para conseguir una ejecuci\u00f3n de c\u00f3digo arbitrario en la SMRAM"}], "lastModified": "2022-10-13T18:25:59.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_area-51_r5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EA2C555-09DA-414E-8D45-EC918C8810BE", "versionEndExcluding": "2.0.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_area-51_r5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C06505A-EA9C-4F4A-8361-D115AE143358"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_area-51_r4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111F8269-8B83-41C1-8884-7888EDD0BF2E", "versionEndExcluding": "2.0.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_area-51_r4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "776E24AF-9F3A-48B4-87D2-277616AFD21E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}