HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume

Potential Security Impact

Information Disclosure, Denial of Service, Escalation of Privilege

Source: HP, HP Product Security Response Team (PSRT)

Reported by: Seunghun Han, National Security Research Institute

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with the Trusted Platform Module (TPM) that allow an unauthorized third party to modify the TPM configuration following an S3 Resume, allowing unauthorized access to the system and its data.

RESOLUTION

HP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below.

> note:
>
> This bulletin will be updated. Check back frequently for updates. HP recommends keeping your system up to date with the latest firmware and software.

Pending: Softpaq is in progress.

Under investigation: System under investigation for impact, or Softpaq under investigation for feasibility/availability.

Not available: Softpaq not available due to technical or logistical constraints.