Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity
Source: HP, HP Product Security Response Team (PSRT)
Reported By: HP Inc.
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. The impacted Workstations ship with TPM enabled by default, except in certain geographic regions where TPM is required to be disabled. This vulnerability was discovered during internal testing, and HP is not aware of any exploits linked to it.
Updated Workstation BIOS (UEFI Firmware) is available using the links in the RESOLUTION section below.
HP has identified and released Workstation BIOS (UEFI Firmware) for the affected products. Versions greater than or equal to the Minimum Rev. do not have this vulnerability.
> note:
>
> HP recommends keeping your system up to date with the latest firmware and software.
Product Name | Minimum Rev. | Latest Rev. | SoftPaq # | SoftPaq Link
---|---|---|---|---
HP Z4 G4 Workstation (Xeon W) | 1.70 | 1.75 | SP95580 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95580.exe>
HP Z4 G4 Workstation (Xeon W) (Linux) | 1.70 | 1.75 | SP95579 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95579.tgz>
HP Z4 G4 Core-X Workstation | 1.70 | 1.75 | SP95582 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95582.exe>
HP Z4 G4 Core-X Workstation (Linux) | 1.70 | 1.75 | SP95581 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95581.tgz>
HP Z6 G4 Workstation | 1.71 | 2.18 | SP95578 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95578.exe>
HP Z6 G4 Workstation (Linux) | 1.71 | 2.18 | SP95577 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95577.tgz>
HP Z8 G4 Workstation | 1.71 | 2.18 | SP95578 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95578.exe>
HP Z8 G4 Workstation (Linux) | 1.71 | 2.18 | SP95577 | <https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95577.tgz>