Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2023-22612 CVE-2023-22613 CVE-2023-22615 CVE-2022-24350 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Dell G15 5515 Hardware solutions / Firmware Alienware m15 Ryzen Edition R5 Hardware solutions / Firmware |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU75027
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsDell G15 5515: before 1.11.1
Alienware m15 Ryzen Edition R5: before 1.12.1
CPE2.3http://www.dell.com/support/kbdoc/nl-nl/000211895/dsa-2023-126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75025
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22613
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsDell G15 5515: before 1.11.1
Alienware m15 Ryzen Edition R5: before 1.12.1
CPE2.3http://www.dell.com/support/kbdoc/nl-nl/000211895/dsa-2023-126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75026
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22615
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsDell G15 5515: before 1.11.1
Alienware m15 Ryzen Edition R5: before 1.12.1
CPE2.3http://www.dell.com/support/kbdoc/nl-nl/000211895/dsa-2023-126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75028
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24350
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsDell G15 5515: before 1.11.1
Alienware m15 Ryzen Edition R5: before 1.12.1
CPE2.3http://www.dell.com/support/kbdoc/nl-nl/000211895/dsa-2023-126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.