CVE-2022-27540

high-risk

Published 2024-06-28

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / HIGH complexity

Affected Products (20)

Dragonfly Folio 13.5 Inch G3 2-In-1 Notebook Pc Firmware

Elite Dragonfly Firmware

Elite Dragonfly 13.5 Inch G3 Notebook Pc Firmware

Elite Dragonfly G2 Firmware

Elite Dragonfly Max Firmware

Elite X2 1012 G1 Firmware

Elite X2 1012 G1 Tablet Firmware

Elite X2 1012 G1 Tablet With Travel Keyboard Firmware

Elite X2 1012 G2 Firmware

Elite X2 1013 G3 Firmware

Elite X2 G4 Firmware

Elite X2 G8 Tablet Firmware

Elite X360 1040 14 Inch G9 2-In-1 Notebook Pc Firmware

Elitebook 1030 G1 Firmware

Elitebook 1040 14 Inch G9 Notebook Pc Firmware

Elitebook 1040 G3 Firmware

Elitebook 1040 G4 Firmware

Elitebook 1050 G1 Firmware

Elitebook 630 13 Inch G9 Notebook Pc Firmware

Elitebook 640 14 Inch G9 Notebook Pc Firmware

Affected Vendors

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical