What is CVE-2022-37020?

CVE-2022-37020 is a medium-severity vulnerability in Hp Elitebook_1040_g3, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.8/10. Published 2024-06-10.

How severe is CVE-2022-37020?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Buffer overflow in Hp Elitebook_1040_g3

CVE-2022-37020

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L.

Affected products

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

hp-security-alert@hp.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-37020?: CVE-2022-37020 is a medium-severity vulnerability in Hp Elitebook_1040_g3, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 6.8/10. Published 2024-06-10.
How severe is CVE-2022-37020?: Medium severity. CVSS v3 base score is 6.8 out of 10.