A potential security vulnerability has been identified in the system BIOS of 90 HP Notebook PCs, Desktop PCs and Desktop Workstation PCs that could allow escalation of privilege and code execution. HP is providing firmware updates to mitigate the potential security vulnerability.
HP has identified the affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. Affected platforms include many HP models such as:
- HP Elite x2, EliteBook, ProBook, ZBook series notebooks
- HP Desktop PCs from the Elite Slice, EliteDesk, EliteOne, ProDesk, ProOne series
- HP Desktop Workstation PCs Z1 All-in-One, Z2 Mini G3, Z240 Small, Z240 Tower series
The complete model lists can be found on the HP page with descriptions and appropriate links.
Vulnerability with HIGH 7.9 out of 10
HP classifies the CVE-2022-37018 vulnerability with a base score of 7.9 as high (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I :H/A:L). HP therefore recommends updating an affected system to the latest firmware version as soon as possible.
More at HP.com