CVE-2022-34398
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/02/2023
Last modified:
19/12/2024
Description
<br />
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.<br />
<br />
<br />
<br />
<br />
<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:* | 1.22.2 (excluding) | |
| cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:* | 1.19.0 (excluding) | |
| cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* | 2.3.2 (excluding) | |
| cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:* | 1.0.17 (excluding) | |
| cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:* | 1.1.17 (excluding) | |
| cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:* | 1.7.0 (excluding) | |
| cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:* | 1.0.26 (excluding) | |
| cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:alienware_aurora_r9_firmware:*:*:*:*:*:*:*:* | 1.0.22 (excluding) |
To consult the complete list of CPE names with products and versions, see this page