CVE-2022-43779

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
hpCNA
---
---
CVEADP
---
---
CISA-ADPADP
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
hp260_g2_desktop_mini_firmware
𝑥
< 2.26
hp260_g3_desktop_mini_firmware
𝑥
< 02.20.00
hp260_g4_desktop_mini_firmware
𝑥
< 02.12.00
hp280_g3_microtower_pc_firmware
𝑥
< 02.02.40
hp280_g3_pci_microtower_pc_firmware
𝑥
< 02.02.40
hp288_pro_g3_microtower_pc_firmware
𝑥
< 00.02.40
hp290_g1_microtower_firmware
𝑥
< 00.02.40
hpdesktop_pro_microtower_firmware
𝑥
< 00.02.40
hpzhan_86_pro_g1_microtower_firmware
𝑥
< 00.02.40
hprp2_retail_system_2000_firmware
𝑥
< 2.24
hprp2_retail_system_2020_firmware
𝑥
< 2.24
hprp2_retail_system_2030_firmware
𝑥
< 2.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829