Uncategorized

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.

Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.

An attacker can exploit these vulnerabilities to implant a firmware that survives operating system updates and bypasses UEFI Secure Boot, Intel Boot Guard, and virtualization-based security.

Impacted devices include multiple HP enterprise devices, including laptops, desktops, point-of-sale systems, and edge computing nodes.

“By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation.” reads the analysis published by Binarly.

Below is the list of vulnerabilities discovered by the researchers:

CVE IDBINARLY IDDescriptionCVSS Score
CVE-2021-39297BRLY-2021-003DXE stack buffer overflow (arbitrary code execution)7.7 High
CVE-2021-39298BRLY-2021-004SMM callout (privilege escalation)8.8 High
CVE-2021-39299BRLY-2021-005DXE stack buffer overflow (arbitrary code execution)8.2 High
CVE-2021-39300BRLY-2021-006DXE stack overflow vulnerability (arbitrary code execution)8.2 High
CVE-2021-39301BRLY-2021-007DXE stack overflow (arbitrary code execution)7.7 High
CVE-2022-23924BRLY-2021-032SMM heap buffer overflow (arbitrary code execution)8.2 High
CVE-2022-23925BRLY-2021-033SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23926BRLY-2021-034SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23927BRLY-2021-035SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23928BRLY-2021-036SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23929BRLY-2021-037SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23930BRLY-2021-038SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23931BRLY-2021-039SMM memory corruption (arbitrary code execution)8.2 High
CVE-2022-23932BRLY-2021-040SMM callout (privilege escalation)8.2 High
CVE-2022-23933BRLY-2021-041SMM callout (privilege escalation)8.2 High
CVE-2022-23934BRLY-2021-042SMM memory corruption (arbitrary code execution)8.2 High

“Binarly believes that the lack of a knowledge base of common firmware exploitation techniques and primitives related to UEFI firmware makes these failures repeatable for the entire industry. We are working hard to fill this gap by providing comprehensive technical details in our advisories. This knowledge base is crucial for developing effective mitigations and defense technologies for device security.”,
said Alex Matrosov, Founder and CEO at Binarly.

The most severe of the vulnerabilities discovered by the researchers are memory corruption issues affecting the System Management Mode (SMM) of the firmware. An attacker could trigger them to gain arbitrary code execution with the highest privileges.

HP addressed the flaws with the release of HP UEFI Firmware February 2022 security updates issued in February.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SIM swapping)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi

On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint,…

11 hours ago

New botnet HTTPBot targets gaming and tech industries with surgical attacks

New botnet HTTPBot is targeting China's gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS …

13 hours ago

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent; privacy…

21 hours ago

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise…

23 hours ago

Google fixed a Chrome vulnerability that could lead to full account takeover

Google released emergency security updates to fix a Chrome vulnerability that could lead to full…

24 hours ago

Nova Scotia Power discloses data breach after March security incident

Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…

1 day ago