25 matches found
CVE-2024-52541
CVE-2024-52541 affects Dell Client Platform BIOS. The vulnerability is a weak authentication flaw that could allow a high-privilege attacker with local access to achieve Elevation of Privileges. The connected sources confirm the issue but do not provide public exploit details or concrete remediat...
CVE-2022-24416
CVE-2022-24416 affects Dell BIOS firmware; the vulnerability arises from improper input validation in the BIOS SMM path, allowing a local authenticated attacker to trigger an SMI and gain arbitrary code execution in SMM. Affected Dell BIOS components and models include multiple Dell lines; remedi...
CVE-2022-24420
Dell BIOS CVE-2022-24420 involves an improper input validation vulnerability that allows a local authenticated attacker to execute arbitrary code in the System Management Mode (SMM) using an SMI. Affected Dell products include several Dell BIOS-bearing systems (e.g., Inspiron, Vostro, XPS, Alienw...
CVE-2022-24419
Dell BIOS contains an improper input validation vulnerability that can be exploited locally by an authenticated attacker using an SMI to gain arbitrary code execution in System Management Mode (SMM). Affected are Dell BIOS firmware components across several systems (e.g., Inspiron, Vostro, XPS, A...
CVE-2022-24421
Dell BIOS contains an improper input validation vulnerability that allows a local authenticated attacker to trigger arbitrary code execution in System Management Mode (SMM) via an SMI. Affected Dell products include Inspiron, Vostro, XPS, Alienware, and Edge Gateway 3000 Series. The root cause is...
CVE-2022-26858
Dell BIOS CVE-2022-26858 is an Improper Authentication vulnerability affecting Dell BIOS versions. A locally authenticated user can potentially bypass security controls by sending malicious input to an SMI. The issue is commonly discussed alongside related BIOS vulnerabilities (DSA-2022-224) and ...
CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability that can be exploited by a local authenticated attacker using an SMI to gain arbitrary code execution during System Management Mode (SMM). Several sources describe this family of flaws (CVE-2022-24415) as affecting Dell BIOS across mul...
CVE-2022-34398
Dell BIOS is affected by a Time-of-check Time-of-use (TOCTTOU) vulnerability. A local authenticated user could exploit a specifically timed DMA transaction during an SMI to gain arbitrary code execution. The documents do not provide a specific patched version or remediation details; monitor for u...
CVE-2023-28075
Dell BIOS TOCTOU vulnerability (CVE-2023-28075) allows a locally authenticated user with physical access to trigger a specifically timed DMA operation during an SMI to gain arbitrary code execution. Affected component is the Dell BIOS; root cause is a Time‑of‑check Time‑of‑use flaw enabling TOCTO...
CVE-2024-47238
CVE-2024-47238 affects Dell Client Platform BIOS. Vulnerability: Improper Input Validation in an externally developed component. Attack scenario: a high-privilege attacker with local access could potentially execute arbitrary code. Documents indicate the issue involves a local attacker, with high...
CVE-2022-32483
CVE-2022-32483 : Dell BIOS contains an improper input validation vulnerability that allows a local, authenticated attacker with admin privileges to modify a UEFI variable. Several sources corroborate that exploitation requires access to the System Management Interface (SMI) to act within SMRAM, e...
CVE-2022-32489
CVE-2022-32489 affects Dell BIOS. The vulnerability arises from improper input validation, enabling a local authenticated attacker to use an SMI to execute arbitrary code in SMRAM. Impact is high (confidentiality, integrity, and availability) per multiple sources. Exploitation requires access to ...
CVE-2022-26859
CVE-2022-26859 describes a race condition in Dell BIOS that can be triggered by a local attacker sending malicious input via System Management Interrupt (SMI) to bypass security checks during System Management Mode (SMM). The vulnerability affects Dell BIOS and enables potential interception or c...
CVE-2022-32485
The CVE-2022-32485 entry refers to a Dell BIOS vulnerability caused by improper input validation. A local authenticated attacker could use a System Management Interrupt (SMI) to execute arbitrary code in SMRAM. Documents consistently identify Dell BIOS as the affected component and SMRAM as the t...
CVE-2022-32487
Dell BIOS contains an input validation weakness that can be triggered by a local, authenticated attacker using an SMI to execute code in SMRAM. Public sources consistently describe the vulnerability as affecting Dell BIOS embedded firmware and enabling arbitrary code execution when an SMI is used...
CVE-2022-32493
CVE-2022-32493: Dell BIOS contains a stack-based buffer overflow that can be exploited by a local, authenticated attacker using an SMI to execute code in SMRAM. This affects Dell BIOS (embedded firmware on motherboard memory) and results in arbitrary code execution with high impact on confidentia...
CVE-2024-0158
CVE-2024-0158 relates to Dell BIOS, where an improper input validation flaw could let a locally authenticated administrator modify a UEFI variable, causing denial of service and privilege escalation. Affected software is the Dell BIOS (details on exact versions are not consistently specified acro...
CVE-2024-22429
CVE-2024-22429 affects Dell BIOS with an Improper Input Validation vulnerability. A locally authenticated user with admin privileges could exploit the flaw to achieve arbitrary code execution on the host, per the provided descriptions. The root cause is described as input validation errors within...
CVE-2022-32488
Dell BIOS contains an improper input validation vulnerability (CVE-2022-32488). A local authenticated attacker could use an SMI to gain arbitrary code execution in SMRAM, with high impact on confidentiality/integrity/availability. Affected component is the BIOS firmware on Dell systems; exploitat...
CVE-2023-24571
CVE-2023-24571 concerns Dell BIOS with an Improper Input Validation flaw. A locally authenticated attacker with administrator privileges could potentially execute arbitrary code, as described in the Dell BIOS/DSA-2023-046 context. The root cause is input validation failure in the BIOS component; ...
CVE-2022-26860
CVE-2022-26860 describes a stack-based buffer overflow in Dell BIOS. A local attacker can trigger it via System Management Interrupt (SMI), bypass security checks, and achieve arbitrary code execution in System Management Mode (SMM). Affected: Dell BIOS versions; vulnerability is local with low a...
CVE-2022-26861
Dell BIOS firmware contains an Insecure Automated Optimization vulnerability (CVE-2022-26861) that allows a locally authenticated attacker to trigger arbitrary code execution during System Management Mode (SMM) by sending malicious input via SMI. The issue is tied to the BIOS/SMM trust boundary, ...
CVE-2022-32491
Dell Client BIOS contains a buffer overflow vulnerability that can be triggered by a locally authenticated user manipulating an SMI to cause an arbitrary write in SMRAM during SMM. Affected: Dell Client BIOS. Root cause: buffer overflow in BIOS. Impact: high confidentiality, integrity, and availa...
CVE-2022-32484
Dell BIOS firmware contains an input validation error that can be exploited by a locally authenticated administrator to modify UEFI variables. The issue is documented as CVE-2022-32484 and is supported by multiple sources (Dell KB, NCSC advisory) noting local access via an admin user and the risk...
CVE-2022-32490
Dell BIOS is affected by an improper input validation vulnerability (CVE-2022-32490). A local authenticated attacker can use an SMI to gain arbitrary code execution in SMRAM. Affected component is Dell BIOS; the root cause is input validation weaknesses enabling SMI-based exploitation with high i...