Physical bypass of certain HP TamperLock features

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. Desktop Workstation mitigation f...

HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware – Potential Buffer Overflow, Elevation of Privilege

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to buffer overflow and/or elevation of privilege. HP has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and...

Intel® Virtual RAID on CPU (VROC) May 2023 Security Update

Intel has informed HP of potential security vulnerabilities in the Intel® Virtual RAID on CPU VROC software, which might allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the BIOS for certain HP PC products which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has identifi...

HP Security Manager - Multiple vulnerabilities

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. Update your printer software...

Intel 2022.3 IPU - BIOS November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in the BIOS firmware for some Intel® Processors which may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilitie...

HP JetAdvantage Management Connector – Elevation of Privilege v.01

HP JetAdvantage Management Connector software is potentially vulnerable to Elevation of Privilege when repair of the MSI is invoked. Update your printer software...

HPSBHF03713 rev. 1 - Intel® Extreme Tuning Utility (XTU) February 2021 Security Update

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of a potential security vulnerability identified in the Intel® Extreme Tuning Utility XTU which may allow denial of service. Intel is...

HPSBHF03699 rev. 2 - Intel® High Definition Audio Driver November 2020 Security Update

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel has informed HP of a potential security vulnerability identified in some Intel® High Definition Audio drivers which may allow escalation of privilege...

HPSBHF03696 rev. 1 - Intel® Extreme Tuning Utility (XTU) November 2020 Security Update

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY Intel has informed HP of a potential security vulnerability identified in the Intel® Extreme Tuning Utility XTU which may allow escalation of privilege...

HPSBHF03685 rev. 2 - Intel® AMT and Intel® ISM September 2020 Security Updates

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY Intel® has informed HP of potential security vulnerabilities identified in the Intel® Active Management Technology AMT and Intel® Standard Manageability I...

HPSBHF03664 rev. 3 - Intel® PROSet/Wireless WiFi Software April 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities in some Intel PROSet/Wireless WiFi Software products may allow denial of...

HPSBHF03661 rev. 1 - HP Connection Optimizer Escalation of Privilege

Potential Security Impact Escalation of Privilege VULNERABILITY SUMMARY A potential security vulnerability in the HP Connection Optimizer driver may allow escalation of privilege. RESOLUTION HP has identified the affected platforms and target versions for SoftPaqs. See the affected platforms list...

HPSBHF03658 rev. 3 - Intel® Graphics Drivers March 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has reported potential security vulnerabilities in Intel® Graphics Drivers for Windows which may allow...

HPSBGN03605 rev.1 - HP Support Assistant DLL Loading Vulnerability

Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT Reported By: Marius Gabriel Mihai VULNERABILITY SUMMARY The vulnerability allows an unauthorized person to load arbitrary code. RESOLUTION Version 8.7.50.3 was released on December 11, 2018...

Intel® PROSet/Wireless and Killer™ Wi-Fi Software February 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities...

Certain HP LaserJet Pro Print Products - Potential Buffer Overflow

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Update the printer firmware...

HP Smart App for Windows, HP Print and Scan Doctor - Elevation of privilege

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. Update your printer software...

Intel® Thunderbolt™ Controller June 2021 Security Update

Intel has informed HP of potential security vulnerabilities identified in the Intel® Thunderbolt™ controllers which may allow denial of services. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. ...

HPSBHF03706 rev. 2 - Intel Unite® Client November 2020 Security Updates

Potential Security Impact Escalation of Privilege, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities identified in the Intel® Unite® Client and Cloud Service Client softwa...

HPSBHF03690 rev. 3 - NVIDIA GPU Display Driver September 2020 Security Updates

Potential Security Impact Escalation of Privilege, Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...

HPSBHF03602 rev. 4 - Synaptics Touchpad Driver for Windows Can Leak Freed Kernel Memory Pointers

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Synaptics VULNERABILITY SUMMARY The Synaptics TouchPad driver can reveal freed kernel memory pointers through the driver API. This could be used by an unauthorized third party to weake...

HPSBHF03576 rev. 3 - Intel AMT MEBx Bypass

Potential Security Impact Elevation of Privilege/Information Disclosure. Reported by: F-Secure, Google VULNERABILITY SUMMARY Un-provisioned Intel® vPro™ platforms containing Intel® Active Management Technology Intel® AMT are vulnerable to unauthorized local provisioning via physical access. The...

HPSBHF03408 rev.3 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code

Potential Security Impact Remote execution of arbitrary code VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code...

Intel Processor Firmware February 2026 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Processors, which might allow escalation of privilege. Intel is releasing microcode updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has identified...

AMD SPI Lock Bypass June 2024 Security Update

AMD has informed HP of a potential weakness in AMD SPI protection features, which might allow arbitrary code execution. AMD is releasing firmware updates and HP is enabling AMD ROM Armor to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

Intel Ethernet Controller I225 May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Ethernet Controller I225 Manageability firmware which might allow escalation of privilege or denial of service. Intel released firmware and software updates to mitigate these potential vulnerabilities. Intel has released...

HPSBHF03656 rev. 4 - Intel® Chipset Device Software INF Utility Security Update

Potential Security Impact Denial of Service. Source: HP, HP Product Security Response Team PSRT Reported by: Intel® VULNERABILITY SUMMARY HP has been notified of a potential security vulnerability in Intel® Chipset Device Software INF Utility that may allow denial of service via local access. Int...

HPSBHF03615 rev. 2 - Intel Graphics Drivers Security Updates

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities in Intel® Graphics Driver for Windows may allow users to cause denial of service. RESOLUTION HP has identified the...

HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability

Potential Security Impact Information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Tampere University of Technology, Finland and Technical University, Cuba VULNERABILITY SUMMARY An industry-wide vulnerability has been reported which impacts CPUs that use Simultaneou...

HPSBPI03562 rev 1 - HP JetAdvantage Security Manager, Cross-site scripting, Denial of Service

Potential Security Impact HP JetAdvantage Security Manager, Cross-site scripting, Denial of service Reported by: HP VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager. The vulnerabilities could potentially be exploited to allow stor...

HPSBPI02732 SSRT100435 rev.2 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities

Potential Security Impact Remote execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, unauthorized access to application database VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Managed Printing Administration. These...

HPSBPI01078 SSRT4739 rev.3 - HP Web Jetadmin, Remote Execution of Arbitrary Commands

Potential Security Impact Remote execution of arbitrary commands VULNERABILITY SUMMARY A potential vulnerability has been identified with HP Web Jetadmin. The vulnerability could be remotely exploited resulting in the execution of arbitrary commands on the system running HP Web Jetadmin...

NVIDIA GPU Display Driver June 2023 Security Updates

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released updates to mitigate these vulnerabilities...

HPSBGN03662 rev. 1 - HP Support Assistant Potential Escalation of Privilege and Arbitrary File Deletion

Potential Security Impact Potential escalation of privilege and arbitrary file deletion. VULNERABILITY SUMMARY Potential escalation of privilege and arbitrary file deletion vulnerabilities have been identified with certain versions of HP Support Assistant. RESOLUTION A patch was released on April...

HPSBHF03651 rev. 4 - Intel® CSME February 2020 Security Update

Potential Security Impact Escalation of Privilege, Denial of Service, and Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported by: Intel® VULNERABILITY SUMMARY HP has been notified of potential security vulnerabilities involving improper authentication with the Inte...

HPSBGN03625 rev.1 - HP Touchpoint Analytics Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT Reported by: Peleg Hadar SafeBreach Labs VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version...

HPSBHF03586 rev. 1 - DCI Policy Update

Potential Security Impact Information disclosure and escalation of privilege via limited physical presence. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel platforms, starting with Skylake, support a USB 3-based debugging interface a.k.a. Direct...

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs...

Privilege escalation via HPSFViewer

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. HP strives to address all security issues with HP apps at best possible speed and make the latest...

Intel® Ethernet Controllers August 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Ethernet Controllers and Adapters which may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP...

Intel® SSD DC Firmware November 2021 Security Update

Intel has informed HP of a potential vulnerability in some Intel® Solid State Drive SSD Data Center DC products which may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability...

HPSBHF03674 rev. 1 - Synaptics® VFS75xx Fingerprint Sensors Equipped with External Flash

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Synaptics® VULNERABILITY SUMMARY Synaptics has notified HP of a potential security vulnerability in certain versions of VFS75xx Fingerprint Sensors equipped with external flash, which...

HPSBPI03653 rev. 1 - HP LaserJet Software Solution Elevation of Privilege for Certain HP LaserJet Printers

Potential Security Impact Elevation of privilege Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY A potential security vulnerability has been identified for HP LaserJet Solution Software for certain HP LaserJet Printers which may lead to unauthorized elevation of privilege...

HPSBHF03592 rev. 3 - Intel Converged Security and Management Engine (CSME) and Power Management Controller (PMC) Security Updates

Potential Security Impact Elevation of privilege, information disclosure, denial of service Source: Intel Reported By: Intel VULNERABILITY SUMMARY Potential security vulnerabilities with Intel CSME firmware and PMC firmware have been identified that could potentially place impacted platforms at...

HPSBPI02887 rev.3 - Certain HP LaserJet Pro Printers, Remote Information Disclosure

Potential Security Impact Remote information disclosure VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data. RESOLUTION HP has provided updated printer...

Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Buffer Overflow

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to buffer overflow when using libwebp in Google Chrome or other web browsers. This issue occurs in all versions of libwebp prior to 1.3.2. Update your printer firmware...

AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in certain HP PC products using AMI UEFI Firmware system BIOS which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential...

Intel® Graphics Drivers August 2021 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Graphics Drivers which may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...