CVE-2022-43779

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

Published: Feb 12, 2023
Updated: Nov 16, 2025
CVE: CVE-2022-43779
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
hp / 348_g4_firmware	-	f.65
hp / 260_g2_desktop_mini_firmware	-	2.26
hp / 218_pro_g5_mt_firmware	-	f15
hp / 260_g3_desktop_mini_firmware	-	02.20.00
hp / 260_g4_desktop_mini_firmware	-	02.12.00
hp / 280_g3_microtower_pc_firmware	-	02.02.40
hp / 280_g3_pci_microtower_pc_firmware	-	02.02.40
hp / 288_pro_g3_microtower_pc_firmware	-	00.02.40
hp / 290_g1_microtower_firmware	-	00.02.40
hp / desktop_pro_300_g3_firmware	-	f15
hp / desktop_pro_a_300_g3_firmware	-	f12
hp / desktop_pro_a_g2_firmware	-	f.11
hp / desktop_pro_a_g2_microtower_firmware	-	f.11
hp / desktop_pro_a_g3_firmware	-	f12
hp / desktop_pro_a_g3_microtower_firmware	-	f12
hp / desktop_pro_g3_firmware	-	f15
hp / desktop_pro_g3_microtower_firmware	-	f15
hp / desktop_pro_microtower_firmware	-	00.02.40
hp / zhan_66_pro_a_g1_microtower_firmware	-	f.11
hp / zhan_66_pro_a_g1_r_microtower_firmware	-	f12
hp / zhan_66_pro_g1_r_microtower_firmware	-	f15
hp / zhan_86_pro_g1_microtower_firmware	-	00.02.40
hp / rp2_retail_system_2000_firmware	-	2.24
hp / rp2_retail_system_2020_firmware	-	2.24
hp / rp2_retail_system_2030_firmware	-	2.24

https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829

Vulnerability Database

310,056

CVE-2022-43779

Deep Security Visibility Without the Complexity