CVE-2022-31635

Name: CVE-2022-31635
Creator: NVD / NIST
Published: 2023-06-13T17:15:12.567+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2022-31635 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.14%

3.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Hp	Zcentral 4r Workstation Firmware	<= 1.24
Hp	Z1 All-In-One G3 Workstation Firmware	<= 1.33
Hp	Elitebook 725 G4 Firmware	<= 1.42
Hp	Elitebook 745 G4 Firmware	<= 1.42
Hp	Elitebook 755 G4 Firmware	<= 1.42
Hp	Probook 645 G3 Firmware	<= 1.42
Hp	Probook 655 G3 Firmware	<= 1.42
Hp	Mt43 Mobile Thin Client Firmware	<= 1.42
Hp	Elite X2 1012 G2 Firmware	<= 1.43
Hp	Elitebook 1040 G4 Firmware	<= 1.43
Hp	Elitebook 820 G4 Firmware	<= 1.43
Hp	Elitebook 828 G4 Firmware	<= 1.43
Hp	Elitebook 840 G4 Firmware	<= 1.43
Hp	Elitebook 848 G4 Firmware	<= 1.43
Hp	Elitebook 850 G4 Firmware	<= 1.43
Hp	Elitebook X360 1020 G2 Firmware	<= 1.43
Hp	Elitebook X360 1030 G2 Firmware	<= 1.43
Hp	Pro X2 612 G2 Firmware	<= 1.43
Hp	Probook 455 G4 Firmware	<= 1.43
Hp	Probook 640 G3 Firmware	<= 1.43
Hp	Probook 650 G3 Firmware	<= 1.43
Hp	Zbook 14u G4 Firmware	<= 1.43
Hp	Zbook 15 G4 Firmware	<= 1.43
Hp	Zbook 15u G4 Firmware	<= 1.43
Hp	Zbook 17 G4 Firmware	<= 1.43
Hp	Zbook Studio G4 Firmware	<= 1.43
Hp	Zbook X2 G4 Firmware	<= 1.43
Hp	Probook X360 11 G2 Ee Firmware	<= 1.45
Hp	Elitebook 725 G3 Firmware	<= 1.55
Hp	Elitebook 745 G3 Firmware	<= 1.55
Hp	Elitebook 755 G3 Firmware	<= 1.55
Hp	Probook 455 G3 Firmware	<= 1.55
Hp	Probook 645 G2 Firmware	<= 1.55
Hp	Probook 655 G2 Firmware	<= 1.55
Hp	Elite X2 1012 G1 Firmware	<= 1.57
Hp	Elite X2 1012 G1 Tablet Firmware	<= 1.57
Hp	Elite X2 1012 G1 Tablet With Travel Keyboard Firmware	<= 1.57
Hp	Elitebook 1030 G1 Firmware	<= 1.57
Hp	Elitebook 1040 G3 Firmware	<= 1.57
Hp	Elitebook 820 G3 Firmware	<= 1.57
Hp	Elitebook 828 G3 Firmware	<= 1.57
Hp	Elitebook 840 G3 Firmware	<= 1.57
Hp	Elitebook 848 G3 Firmware	<= 1.57
Hp	Elitebook 850 G3 Firmware	<= 1.57
Hp	Elitebook Folio G1 Firmware	<= 1.57
Hp	Probook 11 Ee G2 Firmware	<= 1.57
Hp	Probook 430 G3 Firmware	<= 1.57
Hp	Probook 440 G3 Firmware	<= 1.57
Hp	Probook 446 G3 Firmware	<= 1.57
Hp	Probook 450 G3 Firmware	<= 1.57

Showing 50 of 403 affected configurations. See NVD for the full list.

References

https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814Broken Link, Vendor Advisory
https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814Broken Link, Vendor Advisory

Timeline

Published: Jun 13, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-31635?

How severe is CVE-2022-31635?

CVE-2022-31635 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2022-31635?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-31635?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST