Security Bypass and Code Execution Vulnerability in HP Sure Start Systems
CVE-2023-6215

7.2HIGH

Key Information:

Vendor

HP, Inc.

Vendor
CVE Published:
7 October 2025

What is CVE-2023-6215?

A security vulnerability has been detected in HP Sure Start concerning the protection of the Intel Flash Descriptor in specific HP PC products. This issue could potentially lead to security bypass, allowing unauthorized access to execute arbitrary code, which may compromise device integrity or confidentiality, or result in denial of service. HP is actively addressing this vulnerability by releasing BIOS updates to enhance protection and mitigate associated risks.

Affected Version(s)

HP Sure Start IFD Protection See HP security bulletin reference for affected versions

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.