CVE-2023-6215

HIGH

HP Sure Start IFD Protection - BIOS Integrity Bypass Code Execution

Title source: manual

Description

A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to mitigate the potential vulnerability.

References (1)

Core 1

Core References

Various Sources

https://support.hp.com/us-en/document/ish_13064666-13064688-16/hpsbhf04061

Scores

CVSS v4 7.2

EPSS 0.0021

EPSS Percentile 10.5%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

HP, Inc./HP Sure Start IFD Protection See HP security bulletin reference for affected versions

Published Oct 07, 2025

Tracked Since Feb 18, 2026