Vulnerability in Hp Dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc
CVE-2022-31639
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)
EPSS: 0.001 (3.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Hp Dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc
- Hp Dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware
- Hp Elitebook_1030_g1
- Hp Elitebook_1030_g1_firmware
- Hp Elitebook_1040_14_inch_g9_notebook_pc
- Hp Elitebook_1040_14_inch_g9_notebook_pc_firmware
- Hp Elitebook_1040_g3
- Hp Elitebook_1040_g3_firmware
- Hp Elitebook_1040_g4
- Hp Elitebook_1040_g4_firmware
Weakness classification (CWE)
References
- hp-security-alert@hp.com (Broken Link, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-31639?
- CVE-2022-31639 is a high-severity vulnerability in Hp Dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 7.8/10. Published 2023-06-13.
- How severe is CVE-2022-31639?
- High severity. CVSS v3 base score is 7.8 out of 10.