A report by cybersecurity firm Binarly describes 16 critical vulnerabilities in various implementations of the Unified Extensible Firmware Interface (UEFI) present in multiple HP enterprise devices. According to the researchers, threat actors can exploit these flaws to implant firmware capable of evading UEFI Secure Boot, Intel Boot Guard, and virtualization-based security measures.
Affected devices include HP enterprise deployments such as laptops, desktops, point-of-sale systems, and edge computing nodes. “Exploiting detected flaws would allow threat actors to execute privileged code on firmware and even deliver persistent malicious code that survives operating system reinstallations,” Binarly reports.
This is the list of vulnerabilities described in the report:
- CVE-2021-39297: DXE stack buffer overflow that would allow arbitrary code execution
- CVE-2021-39298: SMM call that would trigger privilege escalation
- CVE-2021-39299: DXE stack buffer overflow for arbitrary code execution
- CVE-2021-39300: DXE stack overflow that would allow arbitrary code execution
- CVE-2021-39301: DXE stack overflow for arbitrary code execution
- CVE-2022-23924: SMM heap buffer overflow for arbitrary code execution
- CVE-2022-23925: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23926: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23927: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23928: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23929: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23930: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23931: SMM memory corruption that would allow arbitrary code execution
- CVE-2022-23932: SMM call that would allow privilege escalation
- CVE-2022-23933: SMM call that would allow privilege escalation
- CVE-2022-23934: SMM memory corruption that would allow arbitrary code execution
The most dangerous vulnerabilities in this report are the memory corruption errors in System Management Mode (SMM), a firmware feature. Threat actors could exploit these flaws to execute arbitrary code with high privileges on affected systems.
The company recommends installing HP UEFI firmware security updates, issued in February, to address the reported vulnerabilities.