Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for z8_g4_workstation_firmware by hp

    CVE-2022-27540 (GCVE-0-2022-27540)

    Vulnerability from nvd – Published: 2024-06-28 19:00 – Updated: 2024-08-22 14:52
    VLAI
    Summary
    A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T15:47:15.827287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T14:52:53.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T19:00:28.307Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27540",
        "datePublished": "2024-06-28T19:00:28.307Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2024-08-22T14:52:53.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31639 (GCVE-0-2022-31639)

    Vulnerability from nvd – Published: 2023-06-13 16:14 – Updated: 2025-01-03 18:08
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.085Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T18:08:26.345369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T18:08:37.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:14:12.282Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31639",
        "datePublished": "2023-06-13T16:14:12.282Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T18:08:37.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31638 (GCVE-0-2022-31638)

    Vulnerability from nvd – Published: 2023-06-13 16:13 – Updated: 2025-01-03 19:17
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31638",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:17:48.614804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:17:57.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:13:39.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31638",
        "datePublished": "2023-06-13T16:13:39.000Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T19:17:57.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31637 (GCVE-0-2022-31637)

    Vulnerability from nvd – Published: 2023-06-13 16:12 – Updated: 2025-01-03 19:21
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:21:08.662049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:21:15.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:12:59.914Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31637",
        "datePublished": "2023-06-13T16:12:59.914Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T19:21:15.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31636 (GCVE-0-2022-31636)

    Vulnerability from nvd – Published: 2023-06-13 16:11 – Updated: 2025-01-03 14:37
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T14:36:24.145382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T14:37:42.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:11:06.061Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31636",
        "datePublished": "2023-06-13T16:11:06.061Z",
        "dateReserved": "2022-05-25T21:05:10.866Z",
        "dateUpdated": "2025-01-03T14:37:42.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31635 (GCVE-0-2022-31635)

    Vulnerability from nvd – Published: 2023-06-13 16:10 – Updated: 2025-01-03 14:43
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T14:37:55.379733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T14:43:36.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:10:26.319Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31635",
        "datePublished": "2023-06-13T16:10:26.319Z",
        "dateReserved": "2022-05-25T21:05:10.866Z",
        "dateUpdated": "2025-01-03T14:43:36.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43778 (GCVE-0-2022-43778)

    Vulnerability from nvd – Published: 2023-06-12 19:02 – Updated: 2025-01-06 16:56
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:56:34.822191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T16:56:44.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:02:30.765Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-43778",
        "datePublished": "2023-06-12T19:02:30.765Z",
        "dateReserved": "2022-10-26T14:39:32.656Z",
        "dateUpdated": "2025-01-06T16:56:44.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43777 (GCVE-0-2022-43777)

    Vulnerability from nvd – Published: 2023-06-12 19:01 – Updated: 2025-01-06 17:03
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:59:24.073437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:03:44.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:01:12.024Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-43777",
        "datePublished": "2023-06-12T19:01:12.024Z",
        "dateReserved": "2022-10-26T14:39:32.656Z",
        "dateUpdated": "2025-01-06T17:03:44.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27541 (GCVE-0-2022-27541)

    Vulnerability from nvd – Published: 2023-06-12 18:59 – Updated: 2025-01-03 21:01
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T21:01:00.515243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T21:01:56.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T18:59:18.253Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27541",
        "datePublished": "2023-06-12T18:59:18.253Z",
        "dateReserved": "2022-03-21T21:15:05.751Z",
        "dateUpdated": "2025-01-03T21:01:56.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27539 (GCVE-0-2022-27539)

    Vulnerability from nvd – Published: 2023-06-12 18:56 – Updated: 2025-01-03 21:02
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.798Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T21:02:11.865287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T21:02:37.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T18:56:55.490Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27539",
        "datePublished": "2023-06-12T18:56:55.490Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-01-03T21:02:37.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3439 (GCVE-0-2021-3439)

    Vulnerability from nvd – Published: 2023-01-30 21:39 – Updated: 2025-03-27 18:53
    VLAI
    Summary
    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:53:47.847074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:53:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3439",
        "datePublished": "2023-01-30T21:39:58.692Z",
        "dateReserved": "2021-03-12T01:04:04.575Z",
        "dateUpdated": "2025-03-27T18:53:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39301 (GCVE-0-2021-39301)

    Vulnerability from nvd – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:41.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:12.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39301",
        "datePublished": "2022-02-16T16:38:12.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:41.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39300 (GCVE-0-2021-39300)

    Vulnerability from nvd – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:42.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:13.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39300",
        "datePublished": "2022-02-16T16:38:13.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:42.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39299 (GCVE-0-2021-39299)

    Vulnerability from nvd – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:41.526Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:13.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39299",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39299",
        "datePublished": "2022-02-16T16:38:13.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:41.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39298 (GCVE-0-2021-39298)

    Vulnerability from nvd – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    AMD
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:42.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 2000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 3000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-39298",
        "datePublished": "2022-02-16T16:38:10.726Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:42.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39297 (GCVE-0-2021-39297)

    Vulnerability from nvd – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:42.219Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:11.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39297",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39297",
        "datePublished": "2022-02-16T16:38:11.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:42.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27540 (GCVE-0-2022-27540)

    Vulnerability from cvelistv5 – Published: 2024-06-28 19:00 – Updated: 2024-08-22 14:52
    VLAI
    Summary
    A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T15:47:15.827287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T14:52:53.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T19:00:28.307Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27540",
        "datePublished": "2024-06-28T19:00:28.307Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2024-08-22T14:52:53.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31639 (GCVE-0-2022-31639)

    Vulnerability from cvelistv5 – Published: 2023-06-13 16:14 – Updated: 2025-01-03 18:08
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.085Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T18:08:26.345369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T18:08:37.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:14:12.282Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31639",
        "datePublished": "2023-06-13T16:14:12.282Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T18:08:37.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31638 (GCVE-0-2022-31638)

    Vulnerability from cvelistv5 – Published: 2023-06-13 16:13 – Updated: 2025-01-03 19:17
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31638",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:17:48.614804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:17:57.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:13:39.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31638",
        "datePublished": "2023-06-13T16:13:39.000Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T19:17:57.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31637 (GCVE-0-2022-31637)

    Vulnerability from cvelistv5 – Published: 2023-06-13 16:12 – Updated: 2025-01-03 19:21
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:21:08.662049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:21:15.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:12:59.914Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31637",
        "datePublished": "2023-06-13T16:12:59.914Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2025-01-03T19:21:15.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31636 (GCVE-0-2022-31636)

    Vulnerability from cvelistv5 – Published: 2023-06-13 16:11 – Updated: 2025-01-03 14:37
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T14:36:24.145382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T14:37:42.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:11:06.061Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31636",
        "datePublished": "2023-06-13T16:11:06.061Z",
        "dateReserved": "2022-05-25T21:05:10.866Z",
        "dateUpdated": "2025-01-03T14:37:42.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31635 (GCVE-0-2022-31635)

    Vulnerability from cvelistv5 – Published: 2023-06-13 16:10 – Updated: 2025-01-03 14:43
    VLAI
    Summary
    Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T14:37:55.379733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T14:43:36.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T16:10:26.319Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31635",
        "datePublished": "2023-06-13T16:10:26.319Z",
        "dateReserved": "2022-05-25T21:05:10.866Z",
        "dateUpdated": "2025-01-03T14:43:36.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43778 (GCVE-0-2022-43778)

    Vulnerability from cvelistv5 – Published: 2023-06-12 19:02 – Updated: 2025-01-06 16:56
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:56:34.822191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T16:56:44.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:02:30.765Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-43778",
        "datePublished": "2023-06-12T19:02:30.765Z",
        "dateReserved": "2022-10-26T14:39:32.656Z",
        "dateUpdated": "2025-01-06T16:56:44.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43777 (GCVE-0-2022-43777)

    Vulnerability from cvelistv5 – Published: 2023-06-12 19:01 – Updated: 2025-01-06 17:03
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T16:59:24.073437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:03:44.227Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:01:12.024Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-43777",
        "datePublished": "2023-06-12T19:01:12.024Z",
        "dateReserved": "2022-10-26T14:39:32.656Z",
        "dateUpdated": "2025-01-06T17:03:44.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27541 (GCVE-0-2022-27541)

    Vulnerability from cvelistv5 – Published: 2023-06-12 18:59 – Updated: 2025-01-03 21:01
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T21:01:00.515243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T21:01:56.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T18:59:18.253Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27541",
        "datePublished": "2023-06-12T18:59:18.253Z",
        "dateReserved": "2022-03-21T21:15:05.751Z",
        "dateUpdated": "2025-01-03T21:01:56.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27539 (GCVE-0-2022-27539)

    Vulnerability from cvelistv5 – Published: 2023-06-12 18:56 – Updated: 2025-01-03 21:02
    VLAI
    Summary
    Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.798Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T21:02:11.865287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T21:02:37.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T18:56:55.490Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27539",
        "datePublished": "2023-06-12T18:56:55.490Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-01-03T21:02:37.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3439 (GCVE-0-2021-3439)

    Vulnerability from cvelistv5 – Published: 2023-01-30 21:39 – Updated: 2025-03-27 18:53
    VLAI
    Summary
    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:53:47.847074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:53:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3439",
        "datePublished": "2023-01-30T21:39:58.692Z",
        "dateReserved": "2021-03-12T01:04:04.575Z",
        "dateUpdated": "2025-03-27T18:53:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39300 (GCVE-0-2021-39300)

    Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:42.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:13.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39300",
        "datePublished": "2022-02-16T16:38:13.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:42.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39299 (GCVE-0-2021-39299)

    Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:41.526Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:13.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39299",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39299",
        "datePublished": "2022-02-16T16:38:13.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:41.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39301 (GCVE-0-2021-39301)

    Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2024-08-04 02:06
    VLAI
    Summary
    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary Code Execution; Escalation of Privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    n/a BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS Affected: before 01.12.00
    Affected: before 01.08.00
    Affected: before 01.19.00
    Affected: before 01.08.02
    Affected: before 01.08.01
    Affected: before 02.17.00
    Affected: before 02.18.00
    Affected: before 02.12.00
    Affected: before 02.10.00
    Affected: before 02.07.00
    Affected: before 02.03.00
    Affected: before 02.75
    Affected: before 2.58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:06:41.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 01.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.19.00"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.02"
                },
                {
                  "status": "affected",
                  "version": "before 01.08.01"
                },
                {
                  "status": "affected",
                  "version": "before 02.17.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.18.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.12.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.10.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.07.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.03.00"
                },
                {
                  "status": "affected",
                  "version": "before 02.75"
                },
                {
                  "status": "affected",
                  "version": "before 2.58"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary Code Execution; Escalation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T16:38:12.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2021-39301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 01.12.00"
                              },
                              {
                                "version_value": "before 01.08.00"
                              },
                              {
                                "version_value": "before 01.19.00"
                              },
                              {
                                "version_value": "before 01.08.02"
                              },
                              {
                                "version_value": "before 01.08.01"
                              },
                              {
                                "version_value": "before 02.17.00"
                              },
                              {
                                "version_value": "before 02.18.00"
                              },
                              {
                                "version_value": "before 02.12.00"
                              },
                              {
                                "version_value": "before 02.10.00"
                              },
                              {
                                "version_value": "before 02.07.00"
                              },
                              {
                                "version_value": "before 02.03.00"
                              },
                              {
                                "version_value": "before 02.75"
                              },
                              {
                                "version_value": "before 2.58"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary Code Execution; Escalation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/us-en/document/ish_5661066-5661090-16",
                  "refsource": "MISC",
                  "url": "https://support.hp.com/us-en/document/ish_5661066-5661090-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-39301",
        "datePublished": "2022-02-16T16:38:12.000Z",
        "dateReserved": "2021-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:06:41.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }