CVE-2022-27541

CWE-3673 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 61.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

388

HP Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook PC Firmware HP Elite Dragonfly 13.5 Inch G3 Notebook PC Firmware HP Elite Dragonfly Firmware +385 more

Timeline

PublishedJun 12

Description

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages388 packages

▶CVEListV5hp_inc./hp_pc_biosSee HP Security Bulletin reference for affected versions.

▶NVDhp/elite_slice2.58

▶NVDhp/elite_slice_firmware2.58

▶NVDhp/elite_x2_g4_firmware01.21.01

▶NVDhp/zbook_15_g3_firmware1.57

🔴Vulnerability Details

GHSA

GHSA-jrjp-vpcv-wvm5: Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitra↗2023-06-12

▶

CVEList

CVE-2022-27541: Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitra↗2023-06-12

▶