CVE-2022-34390

Summary

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Affected Software

VendorProductVersion RangeStatus
DellCPG BIOSunspecified < 8 MSI Platformsaffected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References