CVE-2024-22448 | ByteOS Network

Vulnerability Details :

CVE-2024-22448

Assigner-dell

Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe

Published At-10 Apr, 2024 | 07:30

Updated At-01 Aug, 2024 | 22:43

Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:dell

Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe

Published At:10 Apr, 2024 | 07:30

Updated At:01 Aug, 2024 | 22:43

▼CVE Numbering Authority (CNA)

Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

Affected Products

Vendor

Product

Default Status

unaffected

Versions

Affected

From N/A before 1.29.0 (semver)
From N/A before 1.16.0 (semver)
From N/A before 1.13.0 (semver)
From N/A before 1.28.0 (semver)
From N/A before 1.14.0 (semver)
From N/A before 1.31.0 (semver)
From N/A before 1.31.1 (semver)
From N/A before 1.31.2 (semver)
From N/A before 1.31.3 (semver)
From N/A before 1.31.4 (semver)
From N/A before 1.31.5 (semver)
From N/A before 1.31.6 (semver)
From N/A before 1.31.7 (semver)
From N/A before 1.31.8 (semver)
From N/A before 1.31.9 (semver)
From N/A before 1.31.10 (semver)
From N/A before 1.31.11 (semver)
From N/A before 1.31.12 (semver)
From N/A before 1.31.13 (semver)
From N/A before 1.31.14 (semver)
From N/A before 1.31.15 (semver)
From N/A before 1.31.16 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-787	CWE-787: Out-of-bounds Write

Type: CWE

CWE ID: CWE-787

Description: CWE-787: Out-of-bounds Write

Metrics

Version	Base score	Base severity	Vector
3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Credits

finder

Dell Technologies would like to thank Eason for reporting this issue.

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066	vendor-advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

Product

alienware_16_r1

CPEs

cpe:2.3:a:dell:alienware_16_r1:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.0 (semver)

Vendor

Product

alienware_15_r6

CPEs

cpe:2.3:a:dell:alienware_15_r6:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

alienware_18_r1

CPEs

cpe:2.3:a:dell:alienware_18_r1:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.16.0 (semver)

Vendor

Product

alienware_14_r2

CPEs

cpe:2.3:a:dell:alienware_14_r2:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.28.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.14.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.14.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.31.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.31.0 (semver)

Vendor

Product

inspiron_13_5330

CPEs

cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.14.0 (semver)

Vendor

Product

inspiron_15_3530

CPEs

cpe:2.3:a:dell:inspiron_15_3530:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.10.0 (semver)

Vendor

Product

CPEs

cpe:2.3:a:dell:inspiron_3030s:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.3.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.32.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.27.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.27.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.32.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.32.0 (semver)

Vendor

Product

inspiron_7700_aio

CPEs

cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.27.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.23.0 (semver)

Vendor

Product

latitude_5310_2_in_1

CPEs

cpe:2.3:h:dell:latitude_5310_2_in_1:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.23.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.321.0 (semver)

Vendor

Product

CPEs

cpe:2.3:a:dell:latitude_5340:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.12.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.22.0 (semver)

Vendor

Product

CPEs

cpe:2.3:a:dell:latitude_5540:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.12.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.34.0 (semver)

Vendor

Product

CPEs

cpe:2.3:a:dell:latitude_7340:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.34.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.34.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.19.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.22.0 (semver)

Vendor

Product

latitude_9440_2in1

CPEs

cpe:2.3:a:dell:latitude_9440_2in1:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.10.0 (semver)

Vendor

Product

optiplex_micro_7010

CPEs

cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.1 (semver)

Vendor

Product

optiplex_small_form_factor_7010

CPEs

cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.1 (semver)

Vendor

Product

optiplex_tower_7010

CPEs

cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.13.1 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.25.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.22.0 (semver)

Vendor

Product

CPEs

cpe:2.3:a:dell:precision_3580:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.12.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.12.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 2.13.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.22.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.24.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.10.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.10.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.3.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.32.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From - before 1.29.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.25.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.24.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.11.0 (semver)

Vendor

Product

CPEs

cpe:2.3:h:dell:xps_9315_2in1:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before 1.15.0 (semver)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066	vendor-advisory x_transferred

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066

Resource:

vendor-advisory

x_transferred

▼National Vulnerability Database (NVD)

Source:security_alert@emc.com

Published At:10 Apr, 2024 | 08:15

Updated At:04 Feb, 2025 | 17:34

Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Primary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Type: Primary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CPE Matches

>>alienware_m15_r6_firmware>>Versions before 1.29.0(exclusive)

cpe:2.3:o:dell:alienware_m15_r6_firmware:*:*:*:*:*:*:*:*

>>alienware_m15_r6>>-

cpe:2.3:h:dell:alienware_m15_r6:-:*:*:*:*:*:*:*

>>alienware_m15_r7_firmware>>Versions before 1.24.0(exclusive)

cpe:2.3:o:dell:alienware_m15_r7_firmware:*:*:*:*:*:*:*:*

>>alienware_m15_r7>>-

cpe:2.3:h:dell:alienware_m15_r7:-:*:*:*:*:*:*:*

>>alienware_m16_r1_firmware>>Versions before 1.16.0(exclusive)

cpe:2.3:o:dell:alienware_m16_r1_firmware:*:*:*:*:*:*:*:*

>>alienware_m16_r1>>-

cpe:2.3:h:dell:alienware_m16_r1:-:*:*:*:*:*:*:*

>>alienware_m18_r1_firmware>>Versions before 1.16.0(exclusive)

cpe:2.3:o:dell:alienware_m18_r1_firmware:*:*:*:*:*:*:*:*

>>alienware_m18_r1>>-

cpe:2.3:h:dell:alienware_m18_r1:-:*:*:*:*:*:*:*

>>alienware_m18_r2_firmware>>Versions before 1.4.4(exclusive)

cpe:2.3:o:dell:alienware_m18_r2_firmware:*:*:*:*:*:*:*:*

>>alienware_m18_r2>>-

cpe:2.3:h:dell:alienware_m18_r2:-:*:*:*:*:*:*:*

>>alienware_x14_r2_firmware>>Versions before 1.13.0(exclusive)

cpe:2.3:o:dell:alienware_x14_r2_firmware:*:*:*:*:*:*:*:*

>>alienware_x14_r2>>-

cpe:2.3:h:dell:alienware_x14_r2:-:*:*:*:*:*:*:*

>>alienware_x16_r1_firmware>>Versions before 1.13.0(exclusive)

cpe:2.3:o:dell:alienware_x16_r1_firmware:*:*:*:*:*:*:*:*

>>alienware_x16_r1>>-

cpe:2.3:h:dell:alienware_x16_r1:-:*:*:*:*:*:*:*

>>alienware_x16_r2_firmware>>Versions before 1.2.0(exclusive)

cpe:2.3:o:dell:alienware_x16_r2_firmware:*:*:*:*:*:*:*:*

>>alienware_x16_r2>>-

cpe:2.3:h:dell:alienware_x16_r2:-:*:*:*:*:*:*:*

>>chengming_3900_firmware>>Versions before 1.22.0(exclusive)

cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*

>>chengming_3900>>-

cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

>>chengming_3910_firmware>>Versions before 1.13.1(exclusive)

cpe:2.3:o:dell:chengming_3910_firmware:*:*:*:*:*:*:*:*

>>chengming_3910>>-

cpe:2.3:h:dell:chengming_3910:-:*:*:*:*:*:*:*

>>chengming_3911_firmware>>Versions before 1.13.1(exclusive)

cpe:2.3:o:dell:chengming_3911_firmware:*:*:*:*:*:*:*:*

>>chengming_3911>>-

cpe:2.3:h:dell:chengming_3911:-:*:*:*:*:*:*:*

>>chengming_3990_firmware>>Versions before 1.27.0(exclusive)

cpe:2.3:o:dell:chengming_3990_firmware:*:*:*:*:*:*:*:*

>>chengming_3990>>-

cpe:2.3:h:dell:chengming_3990:-:*:*:*:*:*:*:*

>>chengming_3991_firmware>>Versions before 1.27.0(exclusive)

cpe:2.3:o:dell:chengming_3991_firmware:*:*:*:*:*:*:*:*

>>chengming_3991>>-

cpe:2.3:h:dell:chengming_3991:-:*:*:*:*:*:*:*

>>g15_5510_firmware>>Versions before 1.24.0(exclusive)

cpe:2.3:o:dell:g15_5510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5510:-:*:*:*:*:*:*:*

>>g15_5511_firmware>>Versions before 1.28.0(exclusive)

cpe:2.3:o:dell:g15_5511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*

>>g15_5520_firmware>>Versions before 1.24.0(exclusive)

cpe:2.3:o:dell:g15_5520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5520:-:*:*:*:*:*:*:*

>>g15_5530_firmware>>Versions before 1.14.0(exclusive)

cpe:2.3:o:dell:g15_5530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*

>>g16_7620_firmware>>Versions before 1.24.0(exclusive)

cpe:2.3:o:dell:g16_7620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*

>>g16_7630_firmware>>Versions before 1.14.0(exclusive)

cpe:2.3:o:dell:g16_7630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g16_7630:-:*:*:*:*:*:*:*

>>g3_3500_firmware>>Versions before 1.29.0(exclusive)

cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*

>>g5_5500_firmware>>Versions before 1.29.0(exclusive)

cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*

>>g7_7500_firmware>>Versions before 1.31.0(exclusive)

cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

>>g7_7700_firmware>>Versions before 1.31.0(exclusive)

cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

>>inspiron_13_5310_firmware>>Versions before 2.27.0(exclusive)

cpe:2.3:o:dell:inspiron_13_5310_firmware:*:*:*:*:*:*:*:*

>>inspiron_13_5310>>-

cpe:2.3:h:dell:inspiron_13_5310:-:*:*:*:*:*:*:*

>>inspiron_13_5320_firmware>>Versions before 1.18.0(exclusive)

cpe:2.3:o:dell:inspiron_13_5320_firmware:*:*:*:*:*:*:*:*

>>inspiron_13_5320>>-

cpe:2.3:h:dell:inspiron_13_5320:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Secondary	security_alert@emc.com

CWE ID: CWE-787

Type: Secondary

Source: security_alert@emc.com

References

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066	security_alert@emc.com	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066

Source: security_alert@emc.com

Resource:

Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory