CVE-2019-18913 — INC HP Intel-based Business PCS That Support Microsoft Windows 10 Kernel DMA Protect vulnerability

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 76.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Elite Dragonfly Firmware HP Elite X2 G4 Firmware HP Elitebook 830 G6 Firmware +31 more

Timeline

PublishedJan 31

Latest updateMay 24

Description

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages34 packages

▶CVEListV5hp_inc/hp_intel-based_business_pcs_that_support_microsoft_windows_10_kernel_dma_protectDepends on platform. Prior to 01.04.02, or prior to 02.04.01, or prior to 02.04.02.+2

▶NVDhp/elite_x2_g4_firmware< 01.04.02

▶NVDhp/zhan_x_13_g2_firmware< 01.04.02

▶NVDhp/probook_640_g5_firmware< 01.04.02

▶NVDhp/probook_650_g5_firmware< 01.04.02

Patches

Patch: support.hp.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-55w2-94jr-cc63: A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks↗2022-05-24

▶

CVEList

CVE-2019-18913: A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks↗2020-01-31

▶