ASA-2019-00309 – HP: Processor Registers Left Unlocked When TPM is Disabled


Allele Security Alert

ASA-2019-00309

Identifier(s)

ASA-2019-00309, CVE-2019-6321, CVE-2019-6322, PSR-2019-0091

Title

Processor Registers Left Unlocked When TPM is Disabled

Vendor(s)

HP

Product(s)

HP Z4 G4 Workstation (Xeon W)
HP Z4 G4 Workstation (Xeon W) (Linux)
HP Z4 G4 Core-X Workstation
HP Z4 G4 Core-X Workstation (Linux)
HP Z6 G4 Workstation
HP Z6 G4 Workstation (Linux)
HP Z8 G4 Workstation
HP Z8 G4 Workstation (Linux)

Affected version(s)

HP Z4 G4 Workstation (Xeon W) versions less than or equal to 1.70
HP Z4 G4 Workstation (Xeon W) (Linux) versions less than or equal to 1.70
HP Z4 G4 Core-X Workstation versions less than or equal to 1.70
HP Z4 G4 Core-X Workstation (Linux) versions less than or equal to 1.70
HP Z6 G4 Workstation versions less than or equal to 1.71
HP Z6 G4 Workstation (Linux) versions less than or equal to 1.71
HP Z8 G4 Workstation versions less than or equal to 1.71
HP Z8 G4 Workstation (Linux) versions less than or equal to 1.71

Fixed version(s)

HP Z4 G4 Workstation (Xeon W) versions greater than or equal to 1.70
HP Z4 G4 Workstation (Xeon W) (Linux) versions greater than or equal to 1.70
HP Z4 G4 Core-X Workstation versions greater than or equal to 1.70
HP Z4 G4 Core-X Workstation (Linux) versions greater than or equal to 1.70
HP Z6 G4 Workstation versions greater than or equal to 1.71
HP Z6 G4 Workstation (Linux) versions greater than or equal to 1.71
HP Z8 G4 Workstation versions greater than or equal to 1.71
HP Z8 G4 Workstation (Linux) versions greater than or equal to 1.71

Proof of concept

Unknown

Description

HP has identified a security vulnerability in some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. The impacted Workstations ship with TPM enabled by default, except in certain geographic regions where TPM is required to be disabled.

Technical details

Unknown

Credits

Unknown

Reference(s)

HPSBHF03614 rev. 1 – Processor Registers Left Unlocked When TPM is Disabled
https://support.hp.com/us-en/document/c06318199

CVE-2019-6321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6321

CVE-2019-6321
https://nvd.nist.gov/vuln/detail/CVE-2019-6321

CVE-2019-6322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6322

CVE-2019-6322
https://nvd.nist.gov/vuln/detail/CVE-2019-6322

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.