CVE-2023-26299

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Published: Jun 30, 2023
Updated: Jul 11, 2023
CVE: CVE-2023-26299
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
hp / 260_g4_desktop_mini_firmware	-	2.14
hp / t430_firmware	-	00.01.11
hp / t628_firmware	-	00.01.10
hp / 240_g10_firmware	-	f.04
hp / 245_g6_firmware	-	f.35
hp / 245_g7_firmware	-	f.69
hp / 245_g8_firmware	-	f.25
hp / 247_g8_firmware	-	f.69
hp / 250_g10_firmware	-	f.05
hp / 255_g10_firmware	-	f.08
hp / 349_g7_firmware	-	f.28
hp / 470_g10_firmware	-	f.02
hp / 470_g9_firmware	-	f.05
hp / zhan_99_g2_firmware	-	f.24
hp / zhan_99_g4_firmware	-	f.08
hp / vr_backpack_g2_firmware	-	f.28

https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850

Vulnerability Database

290,020

CVE-2023-26299