high
8.2
CWE
119 20
Advisory Published
Updated

CVE-2022-24415: Buffer Overflow

First published: Thu Mar 10 2022(Updated: )

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Credit: security_alert@emc.com

Affected SoftwareAffected VersionHow to fix
Dell Alienware 13 R3 Firmware<1.16.1
Dell Alienware 13 R3 Firmware
Dell Alienware 15 R3 Firmware<1.16.1
Dell Alienware 15 R3 Firmware
Dell Alienware 15 R4 Firmware<1.17.0
Dell Alienware 15 R4 Firmware
Dell Alienware M17xr4<1.16.1
Dell Alienware 17 R4 Firmware
Dell Alienware 17 R5<1.17.0
Dell Alienware m17 R5
Dell Alienware Area 51m R1 Firmware<1.18.0
Dell Alienware Area 51m R1 Firmware
Dell Alienware Area 51m R2 Firmware<1.13.0
Dell Alienware Area 51m R2 Firmware
Dell Alienware Aurora R8<1.0.20
Dell Alienware Aurora R8
Dell Alienware m15 R2 Firmware<1.12.0
Dell Alienware m15 R2 Firmware
Dell Alienware m15 R3 Firmware<1.14.0
Dell Alienware 15 R3
Dell Alienware M15 R4 Firmware<1.8.0
Dell Alienware M15 R4 Firmware
Dell Alienware m17 R2 firmware<1.12.0
Dell Alienware m17 R2 firmware
Dell Alienware m17 R3 firmware<1.14.0
Dell Alienware m17 R3 firmware
Dell Alienware M17xr4<1.8.0
Dell Alienware M17xr4
Dell Alienware x15 R1 Firmware<1.7.0
Dell Alienware x15 R1 Firmware
Dell Alienware X17 R1 Firmware<1.7.0
Dell Alienware X17 R1 Firmware
ETG3000 FactoryCast HMI Gateway Firmware<1.7.0
Dell Edge Gateway 3000
Dell Edge Gateway 5000 firmware<1.17.0
Dell Edge Gateway 5000 firmware
Dell Edge Gateway 5100<1.17.0
Dell Edge Gateway 5100 firmware
Dell Embedded Box PC 3000 Firmware<1.13.0
Dell Embedded Box PC 3000 Firmware
Dell Embedded Box PC 5000<1.14.0
Dell Embedded Box PC 5000
Dell Inspiron 14 3473 Firmware<1.14.0
Dell Inspiron 14 3473 Firmware
Dell Inspiron 15 3573 Firmware<1.14.0
Dell Inspiron 15 3573 Firmware
Dell Inspiron 5566 Firmware<1.18.0
Dell Inspiron 5566 Firmware
Dell Inspiron 3277 AIO Firmware<1.19.0
Dell Inspiron 3277 Firmware
Dell Inspiron 3465<1.12.0
Dell Inspiron 3465 Firmware
Dell Inspiron 3477 AIO Firmware<1.19.0
Dell Inspiron 3477 Firmware
Dell Inspiron 3482 Firmware<1.13.0
Dell Inspiron 3482 Firmware
Dell Inspiron 3502 Firmware<1.7.0
Dell Inspiron 3502 Firmware
Dell Inspiron 15 3510 Firmware<1.6.0
Dell Inspiron 15 3510
Dell Inspiron 3565 Firmware<1.12.0
Dell Inspiron 3565 Firmware
Dell Inspiron 3582 Firmware<1.13.0
Dell Inspiron 3582 Firmware
Dell Inspiron 3782 Firmware<1.13.0
Dell Inspiron 3782
Dell Latitude 3379 Firmware<1.0.34
Dell Latitude 3379 Firmware
Dell Vostro 14 5468<1.19.0
Dell Vostro 5468
Dell Vostro 15 5568 Firmware<1.19.0
Dell Vostro 15 5568 Firmware
Dell Vostro 3267 Firmware<1.20.0
Dell Vostro 3267 Firmware
Dell Vostro 3268 Firmware<1.20.0
Dell Vostro 3268 Firmware
Dell Vostro 3572 Firmware<1.14.0
Dell Vostro 3572 Firmware
Dell Vostro 3582 Firmware<1.13.0
Dell Vostro 3582 Firmware
Dell Vostro 3660 firmware<1.20.0
Dell Vostro 3660 firmware
Dell Vostro 3667 Firmware<1.20.0
Dell Vostro 3667 Firmware
Dell Vostro 3668 Firmware<1.20.0
Dell Vostro 3668 Firmware
Dell Vostro 3669 Firmware<1.20.0
Dell Vostro 3669 Firmware
Dell Wyse 7040 Thin Firmware<1.15.0
Dell Wyse 7040
Dell XPS 8930 Firmware<1.1.21
Dell XPS 8930 Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-24415?

    CVE-2022-24415 is rated as a medium severity vulnerability.

  • How do I fix CVE-2022-24415?

    To fix CVE-2022-24415, update the affected Dell BIOS firmware to the latest available version.

  • Which Dell systems are affected by CVE-2022-24415?

    CVE-2022-24415 affects various Dell Alienware systems and some other Dell models with specific firmware versions.

  • Can CVE-2022-24415 lead to significant exploitation risks?

    Yes, CVE-2022-24415 could allow a local authenticated user to execute arbitrary code, posing serious security risks.

  • Is there a workaround for CVE-2022-24415 until the firmware is updated?

    Currently, there is no known workaround for CVE-2022-24415; updating firmware is the only mitigation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203