Information disclosure

2023-06-1317:15:00

PRIOn knowledge base

www.prio-n.com

bios

toctou

vulnerability

pcs

arbitrary code execution

escalation of privilege

denial of service

information disclosure

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CPENameOperatorVersion
dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmwarele0.10.103
elite_dragonfly_13.5_inch_g3_notebook_pc_firmwarele01.03.01
elite_dragonfly_firmwarele01.21.01
elite_dragonfly_g2_firmwarele01.09.10
elite_dragonfly_max_firmwarele01.09.10
elite_mini_600_g9_desktop_pc_firmwarele02.05.00
elite_mini_800_g9_desktop_pc_firmwarele02.05.00
elite_sff_600_g9_desktop_pc_firmwarele02.05.01
elite_sff_800_g9_desktop_pc_firmwarele02.05.01
elite_slice_firmwarele2.58

Name	Operator	Version
dragonfly_folio_13.5_inch_g3_2-in-1_notebook_pc_firmware	le	0.10.103
elite_dragonfly_13.5_inch_g3_notebook_pc_firmware	le	01.03.01
elite_dragonfly_firmware	le	01.21.01
elite_dragonfly_g2_firmware	le	01.09.10
elite_dragonfly_max_firmware	le	01.09.10
elite_mini_600_g9_desktop_pc_firmware	le	02.05.00
elite_mini_800_g9_desktop_pc_firmware	le	02.05.00
elite_sff_600_g9_desktop_pc_firmware	le	02.05.01
elite_sff_800_g9_desktop_pc_firmware	le	02.05.01
elite_slice_firmware	le	2.58