CVE-2022-27540

HIGH

HP EliteBook 836 G5 Firmware - Time-of-check Time-of-use Race Condition

Title source: llm

Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 31.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-367
Status published
Products (50)
hp/dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware < 01.07.00
hp/elite_dragonfly_13.5_inch_g3_notebook_pc_firmware < 01.07.00
hp/elite_dragonfly_firmware < 01.26.00
hp/elite_dragonfly_g2_firmware < 01.11.00
hp/elite_dragonfly_max_firmware < 01.11.00
hp/elite_mini_600_g9_desktop_pc_firmware < 02.10.04
hp/elite_mini_800_g9_desktop_pc_firmware < 02.10.04
hp/elite_mt645_g7_mobile_thin_client_firmware < 01.10.01
hp/elite_sff_600_g9_desktop_pc_firmware < 02.10.05
hp/elite_sff_800_g9_desktop_pc_firmware < 02.10.05
... and 40 more
Published Jun 28, 2024
Tracked Since Feb 18, 2026