TOCTOU Vulnerability in HP PC Products Using AMI UEFI Firmware
CVE-2023-26299
7HIGH
Key Information:
- Vendor
HP
- Vendor
- CVE Published:
- 30 June 2023
What is CVE-2023-26299?
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been found in various HP PC products using AMI UEFI Firmware. This flaw could allow an attacker to exploit the timing of checks in the system's operation, leading to the execution of arbitrary code. AMI has released updates aimed at addressing this vulnerability, emphasizing the importance of applying them to ensure system security.
Affected Version(s)
HP PC products using AMI UEFI Firmware See HP Security Bulletin reference for affected versions.