Cyber Resilience

CVE-2022-27540

High

Published: 28 June 2024

Modified: 30 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-27540 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in HP EliteBook 840 G5 firmware. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 31.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected version
hp | dragonfly folio 13.5 inch g3 2-in-1 notebook pc firmware | ≤ 01.07.00
hp | elite dragonfly firmware | ≤ 01.26.00
hp | elite dragonfly 13.5 inch g3 notebook pc firmware | ≤ 01.07.00
hp | elite dragonfly g2 firmware | ≤ 01.11.00
hp | elite dragonfly max firmware | ≤ 01.11.00
hp | elite x2 1012 g1 firmware | ≤ 1.6
hp | elite x2 1012 g1 tablet firmware | 1.6
hp | elite x2 1012 g1 tablet with travel keyboard firmware | 1.6
hp | elite x2 1012 g2 firmware | 1.48
hp | elite x2 1013 g3 firmware | 01.28.00
+343 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-367

Timestamps meeting UTC or offset standards help identify TOCTOU issues through precise chronological reconstruction of check/use operations.

References