Cyber Resilience

CVE-2022-34403

High

Published: 01 February 2023

Modified: 21 November 2024
KEV Added: not listed
CVSS v3.1 base score: 7.5 (vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0005 (16.7th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-34403 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dell Alienware M15 R6 Firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 16.7th percentile for exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Dell BIOS contains a stack-based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger-than-expected input to a parameter, gaining arbitrary code execution in SMRAM.

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor  Product                                   Affected versions
dell    alienware m15 r6 firmware                 ≤ 1.17.0
dell    alienware m15 r7 firmware                 ≤ 1.4.3
dell    alienware m15 ryzen edition r5 firmware   ≤ 1.8.0
dell    alienware m17 r5 amd firmware             ≤ 1.4.3
dell    g15 5510 firmware                         ≤ 1.16.0
dell    g15 5511 firmware                         ≤ 1.18.0
dell    g15 5515 firmware                         ≤ 1.8.0
dell    g15 5525 firmware                         ≤ 1.4.3
dell    g5 se 5505 firmware                       ≤ 1.13.0
dell    inspiron 14 5410 2-in-1 firmware          ≤ 2.15.2
+73 more product configuration(s); see NVD for the full list.

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections. Note that this mapping is derived from the CWE, not from this CVE: the overflow here is in an SMI handler executing from SMRAM, below the operating system, where OS-level memory protections do not apply, so the effective control is the vendor BIOS update.

References