CVE-2022-31645 — Race Condition in INC HP PC Bios

CWE-362 — Race Condition3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 68.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

328

HP INC HP PC Bios HP Dragonfly Folio G3 2-in-1 Firmware HP Elite Dragonfly Firmware +325 more

Timeline

PublishedJun 14

Description

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages328 packages

▶CVEListV5hp_inc/hp_pc_biosSee HP Security Bulletin reference for affected versions.

▶NVDhp/mp9_g2_retail_system_firmware2.59

▶NVDhp/mp9_g4_retail_system_firmware02.21.00

▶NVDhp/rp9_g1_retail_system_firmware2.59

▶NVDhp/engage_one_aio_system_firmware2.44

🔴Vulnerability Details

CVEList

CVE-2022-31645: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-06-14

▶

GHSA

GHSA-qwmr-wx3q-pqfq: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-06-14

▶