CVE-2021-3809

HIGH

HP PC BIOS - Arbitrary Code Execution in UEFI Firmware

Title source: manual

Description

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 19.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (50)
hp/elite_dragonfly_firmware 01.12.00
hp/elite_slice_firmware 2.55
hp/elite_slice_g2_firmware 2.55
hp/elite_x2_1012_g2_firmware 1.41
hp/elite_x2_1013_g3_firmware 01.19.00
hp/elite_x2_g4_firmware 01.12.00
hp/elitebook_1040_g4_firmware 1.41
hp/elitebook_1050_g1_firmware 01.19.00
hp/elitebook_725_g4_firmware 1.4
hp/elitebook_735_g5_firmware 01.20.00
... and 40 more
Published Feb 01, 2023
Tracked Since Feb 18, 2026