CVE-2021-46840

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation may cause malicious construction of data, which results in out-of-bounds access.

An attacker can exploit this vulnerability with maliciously constructed data, leading to an out-of-bounds memory access, denial of service, or information disclosure. Therefore, it is recommended to apply the patch for this vulnerability.

Introduction

This blog post informs users of a recently discovered vulnerability in the HP Keymaster module. The vulnerability is tracked as CVE-2021-46840 and affects HP ProLiant Gen8 servers. It was discovered by RedTeam Security and was confirmed by HP on November 28, 2017.

Vulnerable firmware version

The following firmware versions are vulnerable:
- Version V2.0.2
- Version V2.0.3
- Version V2.0.4

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/18/2022 18:39:00 UTC
