Security Bypass and Code Execution Vulnerability in HP Sure Start Systems
CVE-2023-6215

7.2HIGH

Key Information:

Vendor: HP, Inc.
Status: HP Sure Start Ifd Protection
Vendor: CVE Published:; 7 October 2025

What is CVE-2023-6215?

A security vulnerability has been detected in HP Sure Start concerning the protection of the Intel Flash Descriptor in specific HP PC products. This issue could potentially lead to security bypass, allowing unauthorized access to execute arbitrary code, which may compromise device integrity or confidentiality, or result in denial of service. HP is actively addressing this vulnerability by releasing BIOS updates to enhance protection and mitigate associated risks.

Affected Version(s)

HP Sure Start IFD Protection See HP security bulletin reference for affected versions

References

https://support.hp.com/us-en/document/ish_13064666-130646...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Nov 20, 2023

JSON

HP, Inc.

What is CVE-2023-6215?

Affected Version(s)

References

CVSS V4

Timeline