CVE-2022-27540 — HIGH (7.8)

Q: How severe is CVE-2022-27540?

CVE-2022-27540 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27540?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc Firmware, Hp Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc, Hp Elite Dragonfly Firmware, Hp Elite Dragonfly, Hp Elite Dragonfly 13.5 Inch G3 Notebook Pc Firmware.

Vulnerability Description

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc Firmware	< 01.07.00
Hp	Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc	-
Hp	Elite Dragonfly Firmware	< 01.26.00
Hp	Elite Dragonfly	-
Hp	Elite Dragonfly 13.5 Inch G3 Notebook Pc Firmware	< 01.07.00
Hp	Elite Dragonfly 13.5 Inch G3 Notebook Pc	-
Hp	Elite Dragonfly G2 Firmware	< 01.11.00
Hp	Elite Dragonfly G2	-
Hp	Elite Dragonfly Max Firmware	< 01.11.00
Hp	Elite Dragonfly Max	-
Hp	Elite X2 1012 G1 Firmware	< 1.6
Hp	Elite X2 1012 G1	-
Hp	Elite X2 1012 G1 Tablet Firmware	1.6
Hp	Elite X2 1012 G1 Tablet	-
Hp	Elite X2 1012 G1 Tablet With Travel Keyboard Firmware	1.6
Hp	Elite X2 1012 G1 Tablet With Travel Keyboard	-
Hp	Elite X2 1012 G2 Firmware	1.48
Hp	Elite X2 1012 G2	-
Hp	Elite X2 1013 G3 Firmware	01.28.00
Hp	Elite X2 1013 G3	-

Related Weaknesses (CWE)

CWE-367

References

https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948Vendor Advisory
https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948Vendor Advisory

FAQ

What is CVE-2022-27540?

CVE-2022-27540 is a vulnerability with a CVSS score of 7.8 (HIGH). A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and inform...

How severe is CVE-2022-27540?

CVE-2022-27540 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27540?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc Firmware, Hp Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc, Hp Elite Dragonfly Firmware, Hp Elite Dragonfly, Hp Elite Dragonfly 13.5 Inch G3 Notebook Pc Firmware.