Firmware bugs in HP computer models were left unfixed for over a year
By MYBRANDBOOK
A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched. The flaws discovered recently are all SMM (System Management Module) memory corruption problems leading to arbitrary code execution.
A report highlighted that even though it’s been a month since they made some of the flaws public at Black Hat 2022, it hasn’t released security updates for all impacted models, leaving many customers exposed to attacks.
The six flaws that HP has left unpatched for months are:
· CVE-2022-23930 – Stack-based buffer overflow leading to arbitrary code execution.
· CVE-2022-31644 – Out-of-bounds write on CommBuffer, allowing partial validation bypassing.
· CVE-2022-31645 – Out-of-bounds write on CommBuffer based on not checking the size of the pointer sent to the SMI handler.
· CVE-2022-31646 – Out-of-bounds write based on direct memory manipulation API functionality, leading to privilege elevation and arbitrary code execution.
· CVE-2022-31640 – Improper input validation giving attackers control of the CommBuffer data and opening the path to unrestricted modifications.
· CVE-2022-31641 – Callout vulnerability in the SMI handler leading to arbitrary code execution.
SMM is part of the UEFI firmware that provides system-wide functions like low-level hardware control and power management. HP has released three security advisories acknowledging the mentioned vulnerabilities, along with an equal number of BIOS updates addressing the issues for some of the impacted models.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Kumar Mangalam Birla
Aditya Birla Group chairman Kumar Mangalam Birla recently made a comeb...
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
ICONS OF INDIA : RITESH AGARWAL
Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...
IFFCO - Indian Farmers Fertiliser Cooperative
IFFCO operates as a cooperative society owned and controlled by its fa...
GeM - Government e Marketplace
GeM is to facilitate the procurement of goods and services by various ...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated
Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...