CVE-2022-37020 : Potential vulnerabilities have been identified in the system BIOS for certain HP

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

Published 2024-06-10 22:13:27

Updated 2024-10-28 19:35:03

Source HP Inc.

View at NVD, CVE.org

Products affected by CVE-2022-37020

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2022-37020

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-37020

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L	2.5	4.2	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-10-28
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: Low

CWE ids for CVE-2022-37020

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2022-37020

https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows | HP® Support

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-37020

Products affected by CVE-2022-37020

Exploit prediction scoring system (EPSS) score for CVE-2022-37020

CVSS scores for CVE-2022-37020

CWE ids for CVE-2022-37020

References for CVE-2022-37020