Design/Logic Flaw

2023-06-3016:15:00

PRIOn knowledge base

www.prio-n.com

toctou vulnerability

hp pc products

ami uefi firmware

arbitrary code execution

nvd

logic flaw

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

CPENameOperatorVersion
240_g10_firmwareeq< f.4
245_g6_firmwareeq< f.35
245_g7_firmwareeq< f.69
245_g8_firmwareeq< f.25
247_g8_firmwareeq< f.69
250_g10_firmwareeq< f.5
255_g10_firmwareeq< f.8
260_g4_desktop_mini_firmwarelt2.14
349_g7_firmwareeq< f.28
470_g10_firmwareeq< f.2

Name	Operator	Version
240_g10_firmware	eq	< f.4
245_g6_firmware	eq	< f.35
245_g7_firmware	eq	< f.69
245_g8_firmware	eq	< f.25
247_g8_firmware	eq	< f.69
250_g10_firmware	eq	< f.5
255_g10_firmware	eq	< f.8
260_g4_desktop_mini_firmware	lt	2.14
349_g7_firmware	eq	< f.28
470_g10_firmware	eq	< f.2