CVE-2022-34390

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/000203882	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:alienware_area-51_r5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area-51_r5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:alienware_area-51_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area-51_r4:-:*:*:*:*:*:*:*

History

13 Oct 2022, 18:25

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dell:alienware_area-51_r4_firmware:::::::: cpe:2.3:o:dell:alienware_area-51_r5_firmware:::::::: cpe:2.3:h:dell:alienware_area-51_r4:-:::::::* cpe:2.3:h:dell:alienware_area-51_r5:-:::::::*
References	~~(MISC) https://www.dell.com/support/kbdoc/000203882 -~~	(MISC) https://www.dell.com/support/kbdoc/000203882 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-908
First Time		Dell alienware Area-51 R5 Dell alienware Area-51 R4 Dell alienware Area-51 R5 Firmware Dell Dell alienware Area-51 R4 Firmware

12 Oct 2022, 20:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-12 20:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-34390

Mitre link : CVE-2022-34390

CVE.ORG link : CVE-2022-34390

JSON object : View

Products Affected

dell

alienware_area-51_r5
alienware_area-51_r4
alienware_area-51_r5_firmware
alienware_area-51_r4_firmware

CWE

CWE-908

Use of Uninitialized Resource

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2022-34390", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2022-10-12T20:15:11.117", "references": [{"url": "https://www.dell.com/support/kbdoc/000203882", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."}, {"lang": "es", "value": "Dell BIOS contiene una vulnerabilidad de uso de variables no inicializadas. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad al usar una SMI para conseguir una ejecuci\u00f3n de c\u00f3digo arbitrario en la SMRAM"}], "lastModified": "2022-10-13T18:25:59.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_area-51_r5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EA2C555-09DA-414E-8D45-EC918C8810BE", "versionEndExcluding": "2.0.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_area-51_r5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C06505A-EA9C-4F4A-8361-D115AE143358"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_area-51_r4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111F8269-8B83-41C1-8884-7888EDD0BF2E", "versionEndExcluding": "2.0.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_area-51_r4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "776E24AF-9F3A-48B4-87D2-277616AFD21E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}