CVE-2022-32490 HIGH

CVE-2022-32490

Vendor Dell

Product BIOS

Weakness CWE-20 · Input validation

Published January 18, 2023

Last update April 3, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Key dates

02Disclosure timeline

January 18, 2023 CVE published

April 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32490

Related vulnerabilities

04Related CVE

CVE-2021-40127 Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability CVE-2023-32721 Stored XSS in Maps element CVE-2025-24074 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2026-21495 Division by Zero in iccDEV TIFF Image Reader CVE-2021-36030 Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation