CVE-2022-31640

high-risk

Published 2023-06-14

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (20)

Elite Dragonfly Firmware

Elite Dragonfly G3 Firmware

Elite X2 1012 G2 Firmware

Elite X2 1013 G3 Firmware

Elite X2 G4 Firmware

Elite X360 1040 G9 Firmware

Elite X360 830 G9 Firmware

Elitebook 1040 G9 Firmware

Elitebook 1040 G4 Firmware

Elitebook 1050 G1 Firmware

Elitebook 630 G9 Firmware

Elitebook 640 G9 Firmware

Elitebook 645 G9 Firmware

Elitebook 650 G9 Firmware

Elitebook 655 G9 Firmware

Elitebook 725 G4 Firmware

Elitebook 735 G5 Firmware

Elitebook 735 G6 Firmware

Elitebook 745 G4 Firmware

Elitebook 745 G5 Firmware

Affected Vendors

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical