[German]Vendor HP published a security article on February 21, 2023, addressing BIOS updates for HP systems. Potential time-of-check to time-of-use (TOCTOU) vulnerabilities in the BIOS of certain HP PC products have been identified, allowing for arbitrary code execution, denial of service, and information disclosure (see this CERT post). The four vulnerabilities have a CVE v3.1 base score of 7.8; the details, including instructions for BIOS updates, can be found in this HP article. (via)
Advertising