Firmware bugs in HP computer models were left unfixed for over a year
By MYBRANDBOOK
A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched. The flaws discovered recently are all SMM (System Management Module) memory corruption problems leading to arbitrary code execution.
A report highlighted that even though it’s been a month since they made some of the flaws public at Black Hat 2022, it hasn’t released security updates for all impacted models, leaving many customers exposed to attacks.
The six flaws that HP has left unpatched for months are:
· CVE-2022-23930 – Stack-based buffer overflow leading to arbitrary code execution.
· CVE-2022-31644 – Out-of-bounds write on CommBuffer, allowing partial validation bypassing.
· CVE-2022-31645 – Out-of-bounds write on CommBuffer based on not checking the size of the pointer sent to the SMI handler.
· CVE-2022-31646 – Out-of-bounds write based on direct memory manipulation API functionality, leading to privilege elevation and arbitrary code execution.
· CVE-2022-31640 – Improper input validation giving attackers control of the CommBuffer data and opening the path to unrestricted modifications.
· CVE-2022-31641 – Callout vulnerability in the SMI handler leading to arbitrary code execution.
SMM is part of the UEFI firmware that provides system-wide functions like low-level hardware control and power management. HP has released three security advisories acknowledging the mentioned vulnerabilities, along with an equal number of BIOS updates addressing the issues for some of the impacted models.
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Paytm brings UPI Lite Wallet for low-value transactions
Paytm’s parent company One97 Communications (OCL) is emphasizing upon UP...
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
TP-LINK INDIA PVT LTD.
TEJAS NETWORKS INDIA PVT. LTD.
LUMINOUS POWER TECHNOLOGIES PVT. LTD.
SECLORE TECHNOLOGY PVT. LTD.
Technology Icons Of India 2023: Madhabi Puri Buch
Madhabi Puri Buch is the chairperson of the securities regulatory body...
Technology Icons Of India 2023: Nandan Nilekani
Nandan Nilekani is the Co-Founder and Chairman of the Board, Infosys T...
Technology Icons Of India 2023: Hari Om Rai
Hari Om Rai is the Co-founder, Chairman & Managing Director of Lava In...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
Crayon Software Experts India Pvt Ltd
Crayon helps its customers build the commercial and technical foundati...
INGRAM MICRO INDIA PVT. LTD.
Ingram Micro India, a large national distributor offers a comprehensiv...
TECHNOBIND SOLUTIONS PVT. LTD.
TechnoBind’s business model is focused on identifying and partnering...