A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Related CVEs

CVE-2019-18913

Key Information

GHSA ID

GHSA-55w2-94jr-cc63

Published

May 24, 2022 5:07 PM

Last Modified

May 24, 2022 5:07 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 30, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.