November 30, 2023

Researchers discovered a dozen of potentially serious vulnerabilities affecting UEFI firmware present on devices from HP and possibly other vendors.

A total of 16 CVE identifiers have been assigned to  the vulnerabilities with severity ratings high, which have been described as stack overflow, heap overflow, and memory corruption bugs affecting the UEFI Runtime Driver eXecution Environment (DXE) and System Management Mode (SMM) components.

Advertisements

The flaws affect a wide range of enterprise products made by HP, including desktop, laptop, point-of-sale, and edge computing devices.

Exploitation can allow an attacker with privileged user permissions to execute arbitrary code in the firmware, which can be useful for delivering persistent malware and bypassing endpoint security products, Secure Boot, and virtualization-based security.

HP also said that exploitation could lead to denial of service (DoS) and information disclosure.

One of the vulnerabilities affecting HP systems has also been found to impact Dell devices, and a closer analysis revealed that the flaw was present in a firmware driver provided by AMD. This indicates that the issue could affect the devices of all manufacturers using the problematic AMD code.

Advertisements

HP has published two advisories to inform customers about these vulnerabilities. HP addressed the flaws with the release of HP UEFI Firmware February 2022 security updates issued in February.

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: