BIOS
by Dell
CVEs (117)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5361 | Med | 0.33 | 5.1 | 0.00 | Jan 4, 2021 | Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools,… | ||
| CVE-2024-28970 | Med | 0.31 | 4.7 | 0.00 | Jun 12, 2024 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | ||
| CVE-2024-22448 | Med | 0.31 | 4.7 | 0.00 | Apr 10, 2024 | Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | ||
| CVE-2022-22567 | Med | 0.31 | 4.7 | 0.00 | Feb 9, 2022 | Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. | ||
| CVE-2023-32453 | Med | 0.30 | 4.6 | 0.00 | Aug 16, 2023 | Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | ||
| CVE-2022-46752 | Med | 0.30 | 4.6 | 0.00 | Mar 8, 2023 | Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||
| CVE-2022-32491 | Med | 0.27 | 4.1 | 0.00 | Oct 12, 2022 | Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. | ||
| CVE-2024-32855 | Low | 0.25 | 3.8 | 0.00 | Jun 25, 2024 | Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | ||
| CVE-2023-28064 | Low | 0.23 | 3.5 | 0.00 | Jun 23, 2023 | Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||
| CVE-2022-31225 | Low | 0.20 | 3.0 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | ||
| CVE-2022-31220 | Low | 0.20 | 3.0 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | ||
| CVE-2022-31223 | Low | 0.15 | 2.3 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system. | ||
| CVE-2022-31222 | Low | 0.15 | 2.3 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash. | ||
| CVE-2022-31221 | Low | 0.15 | 2.3 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system. | ||
| CVE-2020-5387 | Low | 0.15 | 2.3 | 0.00 | Oct 1, 2020 | Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | ||
| CVE-2022-31224 | Low | 0.13 | 2.0 | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. | ||
| CVE-2013-3582 | 0.00 | — | 0.03 | Aug 28, 2013 | Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted… |
- risk 0.33cvss 5.1epss 0.00
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools,…
- risk 0.31cvss 4.7epss 0.00
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
- risk 0.31cvss 4.7epss 0.00
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
- risk 0.31cvss 4.7epss 0.00
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.
- risk 0.30cvss 4.6epss 0.00
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
- risk 0.30cvss 4.6epss 0.00
Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
- risk 0.27cvss 4.1epss 0.00
Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.
- risk 0.25cvss 3.8epss 0.00
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
- risk 0.23cvss 3.5epss 0.00
Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
- risk 0.20cvss 3.0epss 0.00
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- risk 0.20cvss 3.0epss 0.00
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- risk 0.15cvss 2.3epss 0.00
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.
- risk 0.15cvss 2.3epss 0.00
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.
- risk 0.15cvss 2.3epss 0.00
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.
- risk 0.15cvss 2.3epss 0.00
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed.
- risk 0.13cvss 2.0epss 0.00
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.
- CVE-2013-3582Aug 28, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted…
Page 6 of 6