Intel® Virtual RAID on CPU (VROC) May 2023 Security Update

2023-05-0900:00:00

HP Product Security Response Team

support.hp.com

intel

vroc

security update

may 2023

vulnerabilities

privilege escalation

denial of service

updates

affected platforms

softpaqs

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Intel has informed HP of potential security vulnerabilities in the Intel® Virtual RAID on CPU (VROC) software, which might allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Intel has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the following affected products list.

Affected configurations

Vulners

Node

hphp_z4_g4_workstation_\(core-x\)Range<7.8.0.1031

hphp_z4_g4_workstation_\(xeon_w\)Range<7.8.0.1031

hphp_z6_g4_workstationRange<7.8.0.1031

hphp_z8_g4_workstationRange<7.8.0.1031

hphp_zcentral_4r_workstationRange<7.8.0.1031

CPENameOperatorVersion
hp z4 g4 workstation (core-x)lt7.8.0.1031
hp z4 g4 workstation (xeon w)lt7.8.0.1031
hp z6 g4 workstationlt7.8.0.1031
hp z8 g4 workstationlt7.8.0.1031
hp zcentral 4r workstationlt7.8.0.1031

Name	Operator	Version
hp z4 g4 workstation (core-x)	lt	7.8.0.1031
hp z4 g4 workstation (xeon w)	lt	7.8.0.1031
hp z6 g4 workstation	lt	7.8.0.1031
hp z8 g4 workstation	lt	7.8.0.1031
hp zcentral 4r workstation	lt	7.8.0.1031