CVE-2022-32486 HIGH

CVE-2022-32486

Vendor Dell

Product CPG BIOS

Weakness CWE-20 · Input validation

Published October 11, 2022

Last update May 16, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Key dates

02Disclosure timeline

October 11, 2022 CVE published

May 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32486 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2026-47931 ColdFusion | Improper Input Validation (CWE-20) CVE-2019-9503 Broadcom brcmfmac driver is vulnerable to a frame validation bypass CVE-2019-1760 Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability CVE-2022-35724 Denial of service while reading data in Avro Rust SDK CVE-2023-44183 Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur.