CVE-2022-27540
CVE-2022-27540 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hp | Elitebook 745 G4 Firmware | < 1.45 |
| Hp | Elitebook 745 G5 Firmware | < 01.26.01 |
| Hp | Elitebook 745 G6 Firmware | < 01.26.00 |
| Hp | Elitebook 755 G4 Firmware | < 1.45 |
| Hp | Elitebook 755 G5 Firmware | < 01.26.01 |
| Hp | Elitebook 820 G3 Firmware | < 1.6 |
| Hp | Elitebook 820 G4 Firmware | < 1.48 |
| Hp | Elitebook 828 G3 Firmware | < 1.6 |
| Hp | Elitebook 828 G4 Firmware | < 1.48 |
| Hp | Elitebook 830 13.3 Inch G9 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 830 G5 Firmware | < 01.28.00 |
| Hp | Elitebook 830 G6 Firmware | < 01.26.00 |
| Hp | Elitebook 830 G7 Firmware | < 01.14.00 |
| Hp | Elitebook 830 G8 Firmware | < 01.15.02 |
| Hp | Elitebook 835 13 Inch G9 Notebook Pc Firmware | < 01.05.01 |
| Hp | Elitebook 735 G6 Firmware | < 01.26.00 |
| Hp | Elitebook 735 G5 Firmware | < 01.26.01 |
| Hp | Elitebook 725 G4 Firmware | < 1.45 |
| Hp | Elitebook 650 15.6 Inch G9 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 640 14 Inch G9 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 630 13 Inch G9 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 1050 G1 Firmware | < 01.28.00 |
| Hp | Elitebook 1040 G4 Firmware | < 1.5 |
| Hp | Elitebook 1040 G3 Firmware | < 1.6 |
| Hp | Elitebook 1040 14 Inch G9 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 1030 G1 Firmware | < 1.6 |
| Hp | Elite X360 1040 14 Inch G9 2-In-1 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elite X2 G8 Tablet Firmware | < 01.11.00 |
| Hp | Elite X2 G4 Firmware | 01.26.0 |
| Hp | Elite X2 1013 G3 Firmware | 01.28.00 |
| Hp | Elite X2 1012 G2 Firmware | 1.48 |
| Hp | Elite X2 1012 G1 Tablet With Travel Keyboard Firmware | 1.6 |
| Hp | Elite X2 1012 G1 Tablet Firmware | 1.6 |
| Hp | Elite X2 1012 G1 Firmware | < 1.6 |
| Hp | Elite Dragonfly Max Firmware | < 01.11.00 |
| Hp | Elite Dragonfly G2 Firmware | < 01.11.00 |
| Hp | Elite Dragonfly 13.5 Inch G3 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elite Dragonfly Firmware | < 01.26.00 |
| Hp | Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc Firmware | < 01.07.00 |
| Hp | Elitebook 835 G7 Firmware | < 01.14.00 |
| Hp | Proone 440 G6 24 All-In-One Pc Firmware | < 02.16.00 |
| Hp | Proone 480 G3 20-Inch Non-Touch All-In One Pc Firmware | < 2.48 |
| Hp | Proone 600 G3 21.5-Inch Non-Touch All-In-One Pc Firmware | < 2.48 |
| Hp | Proone 600 G4 21.5-Inch Touch All-In-One Business Pc Firmware | < 02.29.01 |
| Hp | Proone 600 G5 21.5-In All-In-One Business Pc Firmware | < 02.19.00 |
| Hp | Proone 600 G6 22 All-In-One Pc Firmware | < 02.16.00 |
| Hp | Z1 Entry Tower G6 Firmware | < 02.16.00 |
| Hp | Z1 G8 Tower Desktop Pc Firmware | < 02.10.00 |
| Hp | Z1 G9 Tower Desktop Pc Firmware | < 02.10.05 |
| Hp | Zhan 66 Pro G3 22 All-In-One Pc Firmware | < 02.16.00 |
Showing 50 of 354 affected configurations. See NVD for the full list.
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
