CVE-2022-22566

HIGH | CVSS 7.2/10 | EPSS 0.25%

Last modified

CVE-2022-22566 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.25%

15.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Dell | Alienware Area 51m R1 Firmware | < 1.16.0
Dell | Alienware Area 51m R2 Firmware | < 1.11.0
Dell | Alienware M15 R3 Firmware | < 1.12.0
Dell | Alienware M15 R4 Firmware | < 1.6.2
Dell | Alienware M15 R6 Firmware | < 1.6.0
Dell | Alienware M15 R6 Firmware | > 1.6.0, < 1.8.0
Dell | Alienware M17 R3 Firmware | < 1.12.0
Dell | Alienware M17 R4 Firmware | < 1.6.2
Dell | Chengming 3990 Firmware | < 1.6.0
Dell | Chengming 3991 Firmware | < 1.6.0
Dell | G15 5510 Firmware | < 1.8.0
Dell | G15 5511 Firmware | < 1.9.0
Dell | G3 3500 Firmware | < 1.12.0
Dell | G3 3590 Firmware | < 1.14.0
Dell | G5 5000 Firmware | < 1.4.0
Dell | G5 5500 Firmware | < 1.12.0
Dell | G7 7500 Firmware | < 1.11.1
Dell | G7 7700 Firmware | < 1.11.1
Dell | Inspiron 14 5410 Firmware | < 2.6.1
Dell | Inspiron 14 5418 Firmware | < 2.6.1
Dell | Inspiron 15 5510 Firmware | < 2.6.1
Dell | Inspiron 15 5518 Firmware | < 2.6.1
Dell | Inspiron 3490 Firmware | < 1.15.0
Dell | Inspiron 3493 Firmware | < 1.18.0
Dell | Inspiron 3501 Firmware | < 1.11.0
Dell | Inspiron 3511 Firmware | < 1.8.0
Dell | Inspiron 3590 Firmware | < 1.15.0
Dell | Inspiron 3593 Firmware | < 1.18.0
Dell | Inspiron 3790 Firmware | < 1.15.0
Dell | Inspiron 3793 Firmware | < 1.18.0
Dell | Inspiron 3880 Firmware | < 1.6.0
Dell | Inspiron 3881 Firmware | < 1.6.0
Dell | Inspiron 3891 Firmware | < 1.4.1
Dell | Inspiron 5300 Firmware | < 1.10.0
Dell | Inspiron 5301 Firmware | < 1.12.0
Dell | Inspiron 5310 Firmware | < 2.6.1
Dell | Inspiron 5390 Firmware | < 1.14.0
Dell | Inspiron 5391 Firmware | < 1.15.0
Dell | Inspiron 5400 2-In-1 Firmware | < 1.10.0
Dell | Inspiron 5400 Aio Firmware | < 1.6.0
Dell | Inspiron 5401 Firmware | < 1.10.0
Dell | Inspiron 5401 Aio Firmware | < 1.6.0
Dell | Inspiron 5402 Firmware | < 1.9.0
Dell | Inspiron 5406 2-In-1 Firmware | < 1.9.0
Dell | Inspiron 5408 Firmware | < 1.10.0
Dell | Inspiron 5409 Firmware | < 1.9.0
Dell | Inspiron 5410 Firmware | < 2.6.1
Dell | Inspiron 5490 Firmware | < 1.16.1
Dell | Inspiron 5490 Aio Firmware | < 1.11.0
Dell | Inspiron 5491 2-In-1 Firmware | < 1.12.1

Showing 50 of 216 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-22566?
Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

How severe is CVE-2022-22566?
CVE-2022-22566 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2022-22566?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST