HP products and boot services Improper Input Validation Vulnerability


A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege.


The information has been provided by Vendor

The original article can be found at:https://support.hp.com/rs-en/document/c06456250



The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code.


Vulnerable Systems:

HP products and boot services 


CVE Information:



Disclosure Timeline:
Published Date:11/5/2019