CVE-2022-31226

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31226
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/000202196 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5320:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5620:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7420:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7620:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000_oem:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7400:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660_tower:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*
History

15 Sep 2022, 19:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-787
References (MISC) https://www.dell.com/support/kbdoc/000202196 - (MISC) https://www.dell.com/support/kbdoc/000202196 - Patch, Vendor Advisory
CPE cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7620:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000_oem:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660_tower:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7420:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7400:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5320:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5620:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*
First Time Dell precision 3660 Tower Firmware
Dell inspiron 16 Plus 7620 Firmware
Dell optiplex 7000 Oem
Dell vostro 3710
Dell vostro 5320 Firmware
Dell vostro 3910
Dell chengming 3900
Dell inspiron 7620
Dell vostro 7620 Firmware
Dell optiplex 7400
Dell precision 3460 Small Form Factor Firmware
Dell optiplex 5000
Dell inspiron 5620 Firmware
Dell inspiron 7620 Firmware
Dell vostro 3910 Firmware
Dell inspiron 14 Plus 7420
Dell precision 5770
Dell inspiron 16 Plus 7620
Dell optiplex 7400 Firmware
Dell inspiron 3910 Firmware
Dell inspiron 5620
Dell vostro 5620
Dell precision 5770 Firmware
Dell optiplex 3000 Thin Client
Dell optiplex 3000 Firmware
Dell optiplex 5400
Dell inspiron 5420
Dell precision 3460 Small Form Factor
Dell xps 17 9720 Firmware
Dell optiplex 3000 Thin Client Firmware
Dell vostro 5320
Dell optiplex 7000 Oem Firmware
Dell chengming 3900 Firmware
Dell optiplex 5000 Firmware
Dell
Dell inspiron 5320 Firmware
Dell vostro 3710 Firmware
Dell inspiron 7420 Firmware
Dell precision 3660 Tower
Dell optiplex 7000 Firmware
Dell xps 17 9720
Dell optiplex 7000
Dell inspiron 14 Plus 7420 Firmware
Dell inspiron 5420 Firmware
Dell vostro 7620
Dell optiplex 5400 Firmware
Dell vostro 5620 Firmware
Dell optiplex 3000
Dell inspiron 3910
Dell inspiron 5320
Dell inspiron 7420

12 Sep 2022, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-12 19:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-31226

Mitre link : CVE-2022-31226

CVE.ORG link : CVE-2022-31226

JSON object : View

Products Affected

dell

  • vostro_3910_firmware
  • vostro_5620
  • vostro_5620_firmware
  • vostro_7620_firmware
  • inspiron_5420_firmware
  • optiplex_3000_thin_client_firmware
  • optiplex_7400_firmware
  • chengming_3900_firmware
  • chengming_3900
  • inspiron_3910_firmware
  • precision_3660_tower
  • inspiron_7620
  • optiplex_3000_thin_client
  • inspiron_14_plus_7420
  • inspiron_5320_firmware
  • inspiron_5420
  • precision_5770_firmware
  • vostro_3710
  • optiplex_5400
  • vostro_5320
  • vostro_3710_firmware
  • optiplex_7000_firmware
  • optiplex_5000_firmware
  • xps_17_9720
  • optiplex_7000_oem_firmware
  • vostro_5320_firmware
  • precision_3660_tower_firmware
  • vostro_3910
  • inspiron_7620_firmware
  • inspiron_7420
  • inspiron_5320
  • precision_3460_small_form_factor_firmware
  • optiplex_5000
  • inspiron_5620_firmware
  • optiplex_3000
  • inspiron_7420_firmware
  • precision_3460_small_form_factor
  • inspiron_3910
  • inspiron_16_plus_7620_firmware
  • inspiron_5620
  • inspiron_16_plus_7620
  • optiplex_7000_oem
  • optiplex_5400_firmware
  • optiplex_7000
  • vostro_7620
  • xps_17_9720_firmware
  • optiplex_7400
  • optiplex_3000_firmware
  • precision_5770
  • inspiron_14_plus_7420_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow