MY BRAND BOOK Firmware bugs in HP computer models were left unfixed for over a year

Firmware bugs in HP computer models were left unfixed for over a year

By MYBRANDBOOK

A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched. The flaws discovered recently are all SMM (System Management Module) memory corruption problems leading to arbitrary code execution.

A report highlighted that even though it’s been a month since they made some of the flaws public at Black Hat 2022, it hasn’t released security updates for all impacted models, leaving many customers exposed to attacks.

The six flaws that HP has left unpatched for months are:

· CVE-2022-23930 – Stack-based buffer overflow leading to arbitrary code execution.

· CVE-2022-31644 – Out-of-bounds write on CommBuffer, allowing partial validation bypassing.

· CVE-2022-31645 – Out-of-bounds write on CommBuffer based on not checking the size of the pointer sent to the SMI handler.

· CVE-2022-31646 – Out-of-bounds write based on direct memory manipulation API functionality, leading to privilege elevation and arbitrary code execution.

· CVE-2022-31640 – Improper input validation giving attackers control of the CommBuffer data and opening the path to unrestricted modifications.

· CVE-2022-31641 – Callout vulnerability in the SMI handler leading to arbitrary code execution.

SMM is part of the UEFI firmware that provides system-wide functions like low-level hardware control and power management. HP has released three security advisories acknowledging the mentioned vulnerabilities, along with an equal number of BIOS updates addressing the issues for some of the impacted models.

BREAKING NEWS

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

TECHNO TRENDS

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

E-Magazine

TECHNOTAINMENT

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech

MOVERS & SHAKERS

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s

OPEN YOUR EYES

Urgency In Refuelling Digital Transformation For Customizing Needs

Rising Uncertainty On The Start-ups At The Verge Of Collapse

How Technology companies are bringing innovative solutions during COVID-19

India Celebrates MSME Day, Focusing Business Continuity During COVID-19 Outbreak

Building of a secure infrastructure is highly essential to stop malicious activity

INTERVIEWS

In India, 88% of Indian business leaders are planning to inves

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

Bolstering its commitment to help build a truly self-reliant B

CP PLUS is dedicated to spreading a sense of security to every corner of In

HOT PICK

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t

MAKE IN INDIA BRANDS

LAVA INTERNATIONAL LTD.

TP-LINK INDIA PVT. LTD.

HAVELLS INDIA LTD.

EXIDE INDUSTRIES LTD.

EMINENT CIO'S OF INDIA

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

ICONS OF INDIA

Icons Of India : Puneet Chandok

Puneet Chandok is President, Microsoft India & South Asia and is respo...

Icons Of India : Bhavish Aggarwal

Indian entrepreneur Bhavish Aggarwal is the CEO of Ola, India’s larg...

Icons Of India : Debjani Ghosh

Debjani Ghosh is the President of the National Association of Software...

PARTNER SPEAKERS

Fostering Positive Relationships and Enhancing Customer Satisfaction

Bloom Electronics’ data-driven insights for strategic brand decision and bra...

Driving digital india with Niveshan Technologies – A Trusted “Saathi”

With a wide array of IT services, from Datacenter Services to Business Continu...

Revolutionizing surveillance industry with innovative range of accessories

Adoption of digital technology is essential for real growth and without this s...

PSU

IREDA - Indian Renewable Energy Development Agency Limited

IREDA is a specialized financial institution in India that facilitates...

ECIL - Electronics Corporation of India Limited

ECIL is distinguished by its diverse technological capabilities and it...

NPCI - National Payments Corporation of India

NPCI is an umbrella organization for operating retail payments and set...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Samsung Electronics Co. Ltd.

Samsung invests heavily in marketing campaigns to promote...

Most Trusted Brands 2024 : Cisco Systems Inc

Cisco positions itself as the company that connects people, devices, and data,...

Most Trusted Brands 2024: GOOGLE

Google has a long history of technological innovation across various domains, ...

Global Indian industry

Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler

Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...

Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant

Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...

Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies

Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...

ITFORUM 2025

STARNITE AWARDS 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY