HP discovered a potential vulnerability in the BIOS of certain HP PC products that use AMI UEFI Firmware. This vulnerability is a type of Time-of-Check to Time-of-Use (TOCTOU) race condition, which occurs when an attacker can modify a resource between the validation and the consumption of that resource by a privileged system component. This could allow an attacker to execute arbitrary code, cause denial of service, or disclose information on the affected system. AMI has released updates to address this issue and HP strongly recommends that customers apply them as soon as possible. Customers can find the list of affected products and the update instructions on CVE-2023-26299.
