Vulnerability Description
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Elite Dragonfly Firmware | < 01.12.00 |
| Hp | Elite Dragonfly | - |
| Hp | Elite Dragonfly G2 Firmware | < 01.08.00 |
| Hp | Elite Dragonfly G2 | - |
| Hp | Elite Dragonfly Max Firmware | < 01.08.00 |
| Hp | Elite Dragonfly Max | - |
| Hp | Elite X2 1013 G3 Firmware | < 01.19.00 |
| Hp | Elite X2 1013 G3 | - |
| Hp | Elite X2 G4 Firmware | < 01.12.00 |
| Hp | Elite X2 G4 | - |
| Hp | Elite X2 G8 Tablet Firmware | < 01.08.00 |
| Hp | Elite X2 G8 Tablet | - |
| Hp | Elitebook 1050 G1 Firmware | < 01.19.00 |
| Hp | Elitebook 1050 G1 | - |
| Hp | Elitebook 830 G5 Firmware | < 01.19.00 |
| Hp | Elitebook 830 G5 | - |
| Hp | Elitebook 830 G6 Firmware | < 01.12.00 |
| Hp | Elitebook 830 G6 | - |
| Hp | Elitebook 830 G7 Firmware | < 01.08.00 |
| Hp | Elitebook 830 G7 | - |
References
- https://support.hp.com/us-en/document/ish_5661066-5661090-16PatchVendor Advisory
- https://support.hp.com/us-en/document/ish_5661066-5661090-16PatchVendor Advisory
FAQ
What is CVE-2021-39299?
CVE-2021-39299 is a vulnerability with a CVSS score of 8.8 (HIGH). Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
How severe is CVE-2021-39299?
CVE-2021-39299 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39299?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Elite Dragonfly Firmware, Hp Elite Dragonfly, Hp Elite Dragonfly G2 Firmware, Hp Elite Dragonfly G2, Hp Elite Dragonfly Max Firmware.