CVE-2022-27538

HIGH | CVSS 7.0/10 | EPSS 0.14%

Last modified

CVE-2022-27538 is a high-severity vulnerability scored 7.0/10 on the CVSS 3.1 scale. A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

Metrics

CVSS 3.1
7.0/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reading the vector: the attacker needs local access (AV:L) with only low privileges (PR:L) and no user interaction (UI:N); attack complexity is high (AC:H), which is how a race window such as a TOCTOU is scored; scope is unchanged (S:U); and confidentiality, integrity and availability impact are all high (C:H/I:H/A:H), matching the description's arbitrary code execution, information disclosure and denial of service. In practice this is a vulnerability exploited by code already running on the machine, not remotely.

EPSS Probability
0.14%

3.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Affected versions
HP | Dragonfly Folio G3 2-In-1 Firmware | < 01.03.01
HP | Elite Dragonfly Firmware | < 01.22.00
HP | Elite Dragonfly G3 Firmware | < 01.04.00
HP | Elite Dragonfly G2 Firmware | < 01.11.00
HP | Elite Dragonfly Max Firmware | < 01.11.00
HP | Elite X2 1013 G3 Firmware | < 01.22.00
HP | Elite X2 G4 Firmware | < 01.22.00
HP | Elite X2 G8 Tablet Firmware | < 01.11.00
HP | Elite X360 1040 G9 2-In-1 Firmware | < 01.04.02
HP | Elitebook 1040 G9 Firmware | < 01.04.02
HP | Elitebook 1050 G1 Firmware | < 01.22.00
HP | Elitebook 630 G9 Firmware | < 01.05.00
HP | Elitebook 640 G9 Firmware | < 01.05.00
HP | Elitebook 645 G9 Firmware | < 01.09.00
HP | Elitebook 650 G9 Firmware | < 01.05.00
HP | Elitebook 655 G9 Firmware | < 01.09.00
HP | Elitebook 735 G5 Firmware | < 01.22.00
HP | Elitebook 735 G6 Firmware | < 01.22.00
HP | Elitebook 745 G5 Firmware | < 01.22.00
HP | Elitebook 745 G6 Firmware | < 01.22.00
HP | Elitebook 755 G5 Firmware | < 01.22.00
HP | Elitebook 830 G9 Firmware | < 01.04.02
HP | Elitebook 830 G5 Firmware | < 01.22.00
HP | Elitebook 830 G6 Firmware | < 01.22.00
HP | Elitebook 830 G7 Firmware | < 01.11.00
HP | Elitebook 830 G8 Firmware | < 01.11.00
HP | Elitebook 835 G9 Firmware | < 01.03.01
HP | Elitebook 835 G7 Firmware | < 01.11.00
HP | Elitebook 835 G8 Firmware | < 01.11.00
HP | Elitebook 836 G5 Firmware | < 01.22.00
HP | Elitebook 836 G6 Firmware | < 01.22.00
HP | Elitebook 840 G9 Firmware | < 01.04.02
HP | Elitebook 840 Aero G8 Firmware | < 01.11.00
HP | Elitebook 840 G5 Firmware | < 01.22.00
HP | Elitebook 840 G5 Healthcare Edition Firmware | < 01.22.00
HP | Elitebook 840 G6 Firmware | < 01.22.00
HP | Elitebook 840 G6 Healthcare Edition Firmware | < 01.22.00
HP | Elitebook 840 G7 Firmware | < 01.11.00
HP | Elitebook 840 G8 Firmware | < 01.11.00
HP | Elitebook 840r G4 Firmware | < 01.22.00
HP | Elitebook 845 G9 Firmware | < 01.03.01
HP | Elitebook 845 G7 Firmware | < 01.11.00
HP | Elitebook 845 G8 Firmware | < 01.11.00
HP | Elitebook 846 G5 Firmware | < 01.22.00
HP | Elitebook 850 G5 Firmware | < 01.22.00
HP | Elitebook 850 G6 Firmware | < 01.22.00
HP | Elitebook 850 G7 Firmware | < 01.11.00
HP | Elitebook 850 G8 Firmware | < 01.11.00
HP | Elitebook 855 G7 Firmware | < 01.11.00
HP | Elitebook 855 G8 Firmware | < 01.11.00

Showing 50 of 317 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-27538?
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
How severe is CVE-2022-27538?
CVE-2022-27538 has a CVSS 3.1 base score of 7.0/10 (HIGH severity). The vector requires local access with low privileges, so the realistic threat is an attacker or malware already running on the machine. The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.
How do I fix CVE-2022-27538?
Update the system BIOS to the fixed release for your model. In the Affected Software table above, firmware older than the listed version is affected, so that version (or any later one) is the release to install. Check the running BIOS version against the table before and after updating (on Windows, the Win32_BIOS class or msinfo32; on Linux, dmidecode -s bios-version), and consult HP's advisory for models not shown in the truncated list. You can also run a Strix scan to test if your systems are affected.
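One way to carry out that version check, as an added example that is not NVD's or HP's code: it encodes a constructed subset of the Affected Software table, pulls the NN.NN.NN triple out of the SMBIOS BIOS Version string, compares it as integers rather than text, and resolves the product name to the longest matching table entry so that a Dragonfly G2 is not checked against the first-generation Dragonfly threshold. The "T37 Ver. 01.10.00" version shape and the "... Notebook PC" product-name suffix are assumptions about HP's SMBIOS strings, and the dmidecode call is optional, running only on a Linux host that has it.

```python
"""Check a host's BIOS version against the CVE-2022-27538 affected-version table.

Added example for this page; it is not NVD's or HP's code. FIXED_VERSIONS is a
constructed subset of the page's Affected Software table, and the SMBIOS
string formats are assumptions drawn from typical HP systems.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Constructed subset of the page's table: product -> first fixed BIOS version.
# The page lists affected firmware as "< X", so X itself is the fixed release.
FIXED_VERSIONS = {
    "HP Elite Dragonfly": "01.22.00",
    "HP Elite Dragonfly G2": "01.11.00",
    "HP Elite Dragonfly G3": "01.04.00",
    "HP EliteBook 830 G5": "01.22.00",
    "HP EliteBook 840 G8": "01.11.00",
    "HP EliteBook 840 G9": "01.04.02",
}

_VERSION_RE = re.compile(r"\b(\d{2})\.(\d{2})\.(\d{2})\b")


def parse_version(text: str) -> Optional[Version]:
    """Pull the NN.NN.NN BIOS version out of a free-form SMBIOS string.

    HP's SMBIOS BIOS Version field carries a ROM family prefix (assumed form:
    "T37 Ver. 01.10.00"), so the triple is searched for rather than matched
    whole. It is compared as integers: string comparison only works here by
    accident, because HP zero-pads every field.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def lookup_product(product_name: str) -> Optional[str]:
    """Map an SMBIOS product name (assumed form: "HP EliteBook 840 G8 Notebook
    PC") to a table key. The longest key matching at a word boundary wins, so
    "HP Elite Dragonfly G2 ..." is not mistaken for the first-generation
    "HP Elite Dragonfly", which has a different fixed version.
    """
    best = None
    for key in FIXED_VERSIONS:
        if re.match(re.escape(key) + r"\b", product_name, re.IGNORECASE):
            if best is None or len(key) > len(best):
                best = key
    return best


def is_affected(product_name: str, bios_version: str) -> Optional[bool]:
    """True if the BIOS is older than the fixed release for this product,
    False if it is at or above it, None if the product is not in the table
    or the version is unparseable (treat None as "verify manually")."""
    key = lookup_product(product_name)
    running = parse_version(bios_version)
    if key is None or running is None:
        return None
    fixed = parse_version(FIXED_VERSIONS[key])
    return running < fixed


def read_smbios() -> Optional[Tuple[str, str]]:
    """Read (product name, BIOS version) with dmidecode; Linux only, needs root.
    Returns None when dmidecode is missing or fails, so callers can fall back
    to supplying the strings themselves."""
    if shutil.which("dmidecode") is None:
        return None
    try:
        product = subprocess.check_output(
            ["dmidecode", "-s", "system-product-name"], text=True).strip()
        version = subprocess.check_output(
            ["dmidecode", "-s", "bios-version"], text=True).strip()
    except (subprocess.CalledProcessError, OSError):
        return None
    return product, version


if __name__ == "__main__":
    # Constructed sample inputs in the assumed SMBIOS formats.
    samples = [
        ("HP EliteBook 840 G8 Notebook PC", "T37 Ver. 01.10.00"),    # affected
        ("HP EliteBook 840 G8 Notebook PC", "T37 Ver. 01.11.00"),    # fixed
        ("HP Elite Dragonfly G2 Notebook PC", "T72 Ver. 01.15.00"),  # fixed (G2 row, not G1)
        ("HP ProBook 450 G8 Notebook PC", "T97 Ver. 01.08.00"),      # not in table
    ]
    live = read_smbios()
    if live is not None:
        samples.append(live)
    for product, version in samples:
        print(f"{product!r} BIOS {version!r}: affected={is_affected(product, version)}")
```

A None result is deliberately distinct from False: a model missing from the (truncated) table or an unexpected version string should be checked by hand against HP's advisory, not reported as fixed.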


Source: NVD / NIST