CVE-2022-27537

HIGH

HP Elite and Dragonfly Firmware - Arbitrary Code Execution

Title source: llm

Description

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806

Scores

CVSS v3 7.8

EPSS 0.0020

EPSS Percentile 41.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (50)

hp/dragonfly_folio_g3_2-in-1_firmware 01.01.03

hp/elite_dragonfly_firmware 01.21.01

hp/elite_dragonfly_g2_firmware 01.10.00

hp/elite_dragonfly_g3_firmware 01.03.01

hp/elite_dragonfly_max_firmware 01.10.00

hp/elite_folio_2-in-1_firmware not_impacted

hp/elite_mini_600_g9_firmware 02.05.00

hp/elite_mini_800_g9_firmware 02.05.00

hp/elite_sff_600_g9_firmware 02.05.01

hp/elite_sff_800_g9_firmware 02.05.01

... and 40 more

Published Feb 01, 2023

Tracked Since Feb 18, 2026