HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS.

February 23, 2023

HP recently discovered potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities in the BIOS of its PCs.

The Vulnerabilities

CVE-2022-27539, CVE-2022-27541, CVE-2022-43777, CVE-2022-43778 (CVSS:3.1 score: 7.8, High) – A threat actor may carry out remote code execution (RCE), denial of service (DoS), and information disclosure operations.

Affected Products:

  • Business Notebook PCs.
  • Business Desktop PCs.
  • Retail Point-of-Sale systems.

Mitigation:

CYREBRO recommends that users of affected products update them.

References: HP Advisory
