Buffer Access with Incorrect Length Value

CVE-2022-34399

Medium

5.1/10

Summary

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-805 - Buffer Access with Incorrect Length Value

The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

References

Advisory Timeline

Published Jan 18, 2023

Buffer Access with Incorrect Length Value

CVE-2022-34399

Summary

CWE-805 - Buffer Access with Incorrect Length Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS