CVE-2022-34403

Name: CVE-2022-34403
Creator: NVD / NIST
Published: 2023-02-01T06:15:08.797+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.17%

Last modified Jun 17, 2026

CVE-2022-34403 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. . EPSS estimates a 0.17% chance of exploitation in the next 30 days.

Description

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.17%

6.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dell	Alienware M15 R6 Firmware	< 1.17.0
Dell	Alienware M15 R7 Firmware	< 1.4.3
Dell	Alienware M15 Ryzen Edition R5 Firmware	< 1.8.0
Dell	Alienware M17 R5 Amd Firmware	< 1.4.3
Dell	G15 5510 Firmware	< 1.16.0
Dell	G15 5511 Firmware	< 1.18.0
Dell	G15 5515 Firmware	< 1.8.0
Dell	G15 5525 Firmware	< 1.4.3
Dell	G5 Se 5505 Firmware	< 1.13.0
Dell	Inspiron 14 5410 2-In-1 Firmware	< 2.15.2
Dell	Inspiron 15 3511 Firmware	< 1.18.2
Dell	Inspiron 3195 2-In-1 Firmware	< 1.6.0
Dell	Inspiron 3275 Firmware	< 1.9.2
Dell	Inspiron 3475 Firmware	< 1.9.2
Dell	Inspiron 3505 Firmware	< 1.9.0
Dell	Inspiron 3515 Firmware	< 1.9.0
Dell	Inspiron 3525 Firmware	< 1.5.0
Dell	Inspiron 3585 Firmware	< 1.10.0
Dell	Inspiron 3595 Firmware	< 1.5.0
Dell	Inspiron 3785 Firmware	< 1.10.0
Dell	Inspiron 3891 Firmware	< 1.12.0
Dell	Inspiron 5310 Firmware	< 2.15.0
Dell	Inspiron 5405 Firmware	< 1.9.0
Dell	Inspiron 5410 Firmware	< 2.14.0
Dell	Inspiron 5415 Firmware	< 1.13.0
Dell	Inspiron 5425 Firmware	< 1.5.0
Dell	Inspiron 5485 Firmware	< 2.11.0
Dell	Inspiron 5485 2-In-1 Firmware	< 2.11.0
Dell	Inspiron 5505 Firmware	< 1.9.0
Dell	Inspiron 5510 Firmware	< 2.15.2
Dell	Inspiron 5515 Firmware	< 1.13.0
Dell	Inspiron 5585 Firmware	< 2.11.0
Dell	Inspiron 7405 2-In-1 Firmware	< 1.10.1
Dell	Inspiron 7415 Firmware	< 1.13.0
Dell	Inspiron 7425 Firmware	< 1.5.0
Dell	Inspiron 7510 Firmware	< 1.12.0
Dell	Inspiron 7610 Firmware	< 1.12.0
Dell	Latitude 3320 Firmware	< 1.18.2
Dell	Latitude 3420 Firmware	< 1.23.2
Dell	Latitude 3520 Firmware	< 1.23.2
Dell	Latitude 5320 Firmware	< 1.24.3
Dell	Latitude 5420 Firmware	< 1.22.0
Dell	Latitude 5520 Firmware	< 1.24.3
Dell	Latitude 5521 Firmware	< 1.17.3
Dell	Latitude 7320 Firmware	< 1.20.0
Dell	Latitude 7320 Detachable Firmware	< 1.17.2
Dell	Latitude 7420 Firmware	< 1.20.0
Dell	Latitude 7520 Firmware	< 1.20.0
Dell	Latitude 9420 Firmware	< 1.16.2
Dell	Latitude 9520 Firmware	< 1.17.0

Showing 50 of 83 affected configurations. See NVD for the full list.

References

https://www.dell.com/support/kbdoc/000205716Vendor Advisory
https://www.dell.com/support/kbdoc/000205716Vendor Advisory

Timeline

Published: Feb 1, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-34403?

How severe is CVE-2022-34403?

CVE-2022-34403 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.

How do I fix CVE-2022-34403?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-34403?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST