CVE-2022-37020

CWE-120 — Classic Buffer Overflow CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.3%

top 44.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Elite Slice Firmware HP Elite Slice FOR Meeting Rooms Firmware HP Elitebook 1040 G3 Firmware +24 more

Timeline

PublishedJun 10

Latest updateOct 7

Description

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 2.5 | Impact: 4.2

Affected Packages27 packages

▶NVDhp/mp9_g2_retail_system_firmware< 02.63

▶NVDhp/rp9_g1_retail_system_firmware< 02.64

▶NVDhp/elite_slice_firmware< 00.02.64

▶NVDhp/zbook_15_g3_firmware< 1.62

▶NVDhp/zbook_17_g3_firmware< 1.62

🔴Vulnerability Details

GHSA

GHSA-96w6-6hm2-2gpw: Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code exec↗2024-06-11

▶

CVEList

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows↗2024-06-10

▶

📋Vendor Advisories

Red Hat

kernel: scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()↗2025-10-07

▶