Pre-Boot DMA Vulnerability in HP Intel-Based Business PCs
CVE-2019-18913

6.8MEDIUM

Key Information:

Vendor: HP
Status: HP Intel-based Business Pcs That Support Microsoft Windows 10 Kernel Dma Protection.
Vendor: CVE Published:; 31 January 2020

Summary

A potential security vulnerability exists in HP Intel-based Business PCs that supports Microsoft Windows 10 Kernel DMA protection. This issue could enable unauthorized UEFI code execution through pre-boot DMA attacks, which require physical access to the internal expansion slots of the device. Attackers utilizing specialized hardware and software could exploit this vulnerability to modify UEFI code in memory. It is important for users to be aware of the versions affected to mitigate risks associated with this vulnerability.

Affected Version(s)

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Depends on platform. Prior to 01.04.02

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. or prior to 02.04.01

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. or prior to 02.04.02.

References

https://support.hp.com/us-en/document/c06549501

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2020
Vulnerability Reserved
Nov 12, 2019