HPSBHF03614 rev. 1 - Processor Registers Left Unlocked When TPM is Disabled

2019-05-0300:00:00

HP, HP Product Security Response Team (PSRT)

support.hp.com

0.001 Low

EPSS

Percentile

42.9%

JSON

Potential Security Impact

Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity

Source: HP, HP Product Security Response Team (PSRT)

Reported By: HP Inc.

VULNERABILITY SUMMARY

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. The impacted Workstations ship with TPM enabled by default, except in certain geographic regions where TPM is required to be disabled. This vulnerability was discovered during internal testing, and HP is not aware of any exploits linked to it.

Updated Workstation BIOS (UEFI Firmware) is available using the links in the RESOLUTION section below.

RESOLUTION

HP has identified and released Workstation BIOS (UEFI Firmware) for the affected products. Versions greater than or equal to the Minimum Rev. do not have this vulnerability.

> note:
>
> HP recommends keeping your system up to date with the latest firmware and software.

Product Name

Minimum Rev.

Latest Rev.

SoftPaq #

SoftPaq Link

—|—|—|—|—

HP Z4 G4 Workstation (Xeon W)

1.70

1.75

SP95580

<https://ftp.hp.com/pub/softpaq/sp95501-96000/sp95580.exe>