What is CVE-2022-31645?

CVE-2022-31645 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 7.8/10. Published 2023-06-14.

How severe is CVE-2022-31645?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Hp Dragonfly_folio_g3_2-in-1

CVE-2022-31645

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vulnerability class: Race Condition

EPSS: 0.002 (10.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hp Dragonfly_folio_g3_2-in-1
Hp Dragonfly_folio_g3_2-in-1_firmware — versions 01.01.03
Hp Elitebook_1030_g1
Hp Elitebook_1030_g1_firmware — versions 1.57
Hp Elitebook_1040_g3
Hp Elitebook_1040_g3_firmware — versions 1.57
Hp Elitebook_1040_g4
Hp Elitebook_1040_g4_firmware — versions 1.44
Hp Elitebook_1040_g9
Hp Elitebook_1040_g9_firmware — versions 01.03.01

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

hp-security-alert@hp.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-31645?: CVE-2022-31645 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 7.8/10. Published 2023-06-14.
How severe is CVE-2022-31645?: High severity. CVSS v3 base score is 7.8 out of 10.