Allele Security Alert
ASA-2019-00309
Identifier(s)
ASA-2019-00309, CVE-2019-6321, CVE-2019-6322, PSR-2019-0091
Title
Processor Registers Left Unlocked When TPM is Disabled
Vendor(s)
HP
Product(s)
HP Z4 G4 Workstation (Xeon W)
HP Z4 G4 Workstation (Xeon W) (Linux)
HP Z4 G4 Core-X Workstation
HP Z4 G4 Core-X Workstation (Linux)
HP Z6 G4 Workstation
HP Z6 G4 Workstation (Linux)
HP Z8 G4 Workstation
HP Z8 G4 Workstation (Linux)
Affected version(s)
HP Z4 G4 Workstation (Xeon W) versions less than or equal to 1.70
HP Z4 G4 Workstation (Xeon W) (Linux) versions less than or equal to 1.70
HP Z4 G4 Core-X Workstation versions less than or equal to 1.70
HP Z4 G4 Core-X Workstation (Linux) versions less than or equal to 1.70
HP Z6 G4 Workstation versions less than or equal to 1.71
HP Z6 G4 Workstation (Linux) versions less than or equal to 1.71
HP Z8 G4 Workstation versions less than or equal to 1.71
HP Z8 G4 Workstation (Linux) versions less than or equal to 1.71
Fixed version(s)
HP Z4 G4 Workstation (Xeon W) versions greater than or equal to 1.70
HP Z4 G4 Workstation (Xeon W) (Linux) versions greater than or equal to 1.70
HP Z4 G4 Core-X Workstation versions greater than or equal to 1.70
HP Z4 G4 Core-X Workstation (Linux) versions greater than or equal to 1.70
HP Z6 G4 Workstation versions greater than or equal to 1.71
HP Z6 G4 Workstation (Linux) versions greater than or equal to 1.71
HP Z8 G4 Workstation versions greater than or equal to 1.71
HP Z8 G4 Workstation (Linux) versions greater than or equal to 1.71
Proof of concept
Unknown
Description
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. The impacted Workstations ship with TPM enabled by default, except in certain geographic regions where TPM is required to be disabled.
Technical details
Unknown
Credits
Unknown
Reference(s)
HPSBHF03614 rev. 1 – Processor Registers Left Unlocked When TPM is Disabled
https://support.hp.com/us-en/document/c06318199
CVE-2019-6321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6321
CVE-2019-6321
https://nvd.nist.gov/vuln/detail/CVE-2019-6321
CVE-2019-6322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6322
CVE-2019-6322
https://nvd.nist.gov/vuln/detail/CVE-2019-6322
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 3, 2019