CVE-2022-27540

CWE-3673 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 62.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

354

HP Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook PC Firmware HP Elite Dragonfly 13.5 Inch G3 Notebook PC Firmware HP Elite Dragonfly Firmware +351 more

Timeline

PublishedJun 28

Latest updateJun 29

Description

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages354 packages

▶CVEListV5hp_inc./hp_pc_biosSee HP Security Bulletin reference for affected versions.

▶NVDhp/zbook_15_g3_firmware< 1.6

▶NVDhp/zbook_15_g4_firmware< 1.48

▶NVDhp/zbook_15_g5_firmware< 01.28.00

▶NVDhp/zbook_15_g6_firmware< 01.26.00

🔴Vulnerability Details

GHSA

GHSA-gfx2-f362-7f24: A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbit↗2024-06-29

▶

CVEList

CVE-2022-27540: A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbit↗2024-06-28

▶