CVE-2022-31638

HIGH

HP EliteBook 850 G3 Firmware < 1.43 - Time-of-check Time-of-use Race Condition

Title source: llm

Description

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

References (1)

Core 1

Core References

Broken Link, Vendor Advisory

https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-367

Status published

Products (50)

hp/dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware < 0.10.103

hp/elite_dragonfly_13.5_inch_g3_notebook_pc_firmware < 01.03.01

hp/elite_dragonfly_firmware < 01.21.01

hp/elite_dragonfly_g2_firmware < 01.09.10

hp/elite_dragonfly_max_firmware < 01.09.10

hp/elite_mini_600_g9_desktop_pc_firmware < 02.05.00

hp/elite_mini_800_g9_desktop_pc_firmware < 02.05.00

hp/elite_sff_600_g9_desktop_pc_firmware < 02.05.01

hp/elite_sff_800_g9_desktop_pc_firmware < 02.05.01

hp/elite_slice_firmware < 2.58

... and 40 more

Published Jun 13, 2023

Tracked Since Feb 18, 2026