CVE-2022-27538

HIGH

HP Elite and Dragonfly Firmware - Time-of-Check Time-of-Use Race Condition

Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

Scores

CVSS v3 7.0
EPSS 0.0003
EPSS Percentile 9.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (50)
hp/dragonfly_folio_g3_2-in-1_firmware < 01.03.01
hp/elite_dragonfly_firmware < 01.22.00
hp/elite_dragonfly_g2_firmware < 01.11.00
hp/elite_dragonfly_g3_firmware < 01.04.00
hp/elite_dragonfly_max_firmware < 01.11.00
hp/elite_mini_600_g9_firmware < 02.06.00
hp/elite_mini_800_g9_firmware < 02.06.00
hp/elite_sff_600_g9_firmware < 02.06.00
hp/elite_sff_800_g9_firmware < 02.06.00
hp/elite_slice_firmware < 02.59
... and 40 more
Published Feb 01, 2023
Tracked Since Feb 18, 2026