The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago.
The researchers disclosed technical details of some of the vulnerabilities at the Black Hat 2022 conference.
The bugs affect HP EliteBook devices and multiple additional HP product lines, the experts reported that the issues are arbitrary code execution vulnerabilities related to System Management Mode (SMM) of the of the Unified Extensible Firmware Interface (UEFI).
The SMM is an operating mode of x86 CPUs in which all normal execution, including the operating system, is suspended.
When a code is sent to the SMM, the operating system is suspended and a portion of the UEFI/BIOS firmware executes various commands with elevated privileges and with access to all the data and hardware.
Below is the list of the vulnerabilities:
Vulnerabilities | BRLY ID | CVE ID | CVSS score |
---|---|---|---|
SMM Memory Corruption (Arbitrary Code Execution) | BRLY-2022-010 BRLY-2022-011 BRLY-2022-012 BRLY-2022-013 BRLY-2021-046 BRLY-2021-047 | CVE-2022-23930 CVE-2022-31644 CVE-2022-31645 CVE-2022-31646 CVE-2022-31640 CVE-2022-31641 | 8.2 High 7.5 High 8.2 High 8.2 High 7.5 High 7.5 High |
Three vulnerabilities have been reported to HP in July 2021, while other three issues were disclosed in April 2022.
Vulnerabilities in the SMM can be exploited to to bypass the Secure Boot, threat actors can bypass this security feature to create stealth rootkits.
In February 2022, HP addressed the CVE-2022-23930 with the release of HP PC BIOS Security Updates.
The tech giant addressed CVE-2022-31644, CVE-2022-31645, and CVE-2022-31646 in August 2022, but several business notebooks and desktops, and workstations have yet to receive updates.
The remaining issues, tracked as CVE-2022-31640 and CVE-2022-31641, were addressed on September 2022, but many workstations are yet to be patched.
“Based on the Binarly’s telemetry data, we are experiencing the same effect. In terms of impact at scale, firmware supply chain problems are one of the major challenges.” concludes Binarly speaking about firmware vulnerabilities. “Approximately 20% of firmware updates contain at least two or three known vulnerabilities (previously disclosed), according to Binarly Platform data (based on enterprise-grade vendors study).”
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, firmware bugs)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.