Elevation of privilege
Source: HP, HP Product Security Response Team (PSRT)
Reported by: yngwei (@yngweijw) of IIE VARAS, MengHao, Li of IIE VARAS and driedfish (@d3af1sh) of IIE
A potential security vulnerability has been identified which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code.
HP has identified the affected platforms and target dates for Softpaqs. See the affected platforms listed below.
On affected platforms, enabling Secure Boot mitigates this vulnerability.