CVE-2022-31637

CWE-3673 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 61.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

404

HP Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook PC Firmware HP Elite Dragonfly 13.5 Inch G3 Notebook PC Firmware HP Elite Dragonfly Firmware +401 more

Timeline

PublishedJun 13

Description

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages404 packages

▶CVEListV5hp_inc./hp_pc_biosSee HP Security Bulletin reference for affected versions.

▶NVDhp/elite_slice2.58

▶NVDhp/elite_slice_firmware2.58

▶NVDhp/elite_x2_g4_firmware01.21.01

▶NVDhp/zbook_15_g3_firmware1.57

🔴Vulnerability Details

CVEList

CVE-2022-31637: Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitra↗2023-06-13

▶

GHSA

GHSA-hwpq-66qg-m4hh: Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitra↗2023-06-13

▶