CVE-2021-36342

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Dell / CPG BIOSunspecified – 1.14

References

MISChttps://www.dell.com/support/kbdoc/en-us/000193321/dsa-2021-240