cbcvebase.
CVE-2019-18913
published 2020-01-31

CVE-2019-18913: A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires…

medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Affected

36 ranges· showing 25
VendorProductVersion rangeFixed in
hpelite_dragonfly_firmware< 01.04.0201.04.02
hpelite_x2_g4_firmware< 01.04.0201.04.02
hpelitebook_830_g6_firmware< 01.04.0201.04.02
hpelitebook_836_g6_firmware< 01.04.0201.04.02
hpelitebook_840_g6_firmware< 01.04.0201.04.02
hpelitebook_840_g6_healthcare_edition_firmware< 01.04.0201.04.02
hpelitebook_846_g6_firmware< 01.04.0201.04.02
hpelitebook_846_g6_healthcare_edition_firmware< 01.04.0201.04.02
hpelitebook_850_g6_firmware< 01.04.0201.04.02
hpelitebook_x360_1030_g4_firmware< 01.04.0201.04.02
hpelitebook_x360_1040_g6_firmware< 01.04.0201.04.02
hpelitebook_x360_830_g6_firmware< 01.04.0201.04.02
hpelitedesk_800_g5_dm_firmware< 02.04.0202.04.02
hpelitedesk_800_g5_sff_firmware< 02.04.0202.04.02
hpelitedesk_800_g5_twr_firmware< 02.04.0202.04.02
hpeliteone_800_g5_aio_firmware< 02.04.0202.04.02
hpprobook_640_g5_firmware< 01.04.0201.04.02
hpprobook_650_g5_firmware< 01.04.0201.04.02
hpprodesk_400_g5_dm_firmware< 02.04.0102.04.01
hpprodesk_400_g6_mt_firmware< 02.04.0102.04.01
hpprodesk_400_g6_sff_firmware< 02.04.0202.04.02
hpprodesk_480_g6_mt_firmware< 02.04.0102.04.01
hpprodesk_600_g5_dm_firmware< 02.04.0102.04.01
hpprodesk_600_g5_mt_firmware< 02.04.0102.04.01
hpprodesk_600_g5_pci_mt_firmware< 02.04.0102.04.01