CVE-2023-6138 - Vulnerability Details

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hp	Z440 Workstation Z440 Workstation Firmware Z640 Workstation Z640 Workstation Firmware Z840 Workstation Z840 Workstation Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915

History

Mon, 22 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp z440 Workstation Hp z440 Workstation Firmware Hp z640 Workstation Hp z640 Workstation Firmware Hp z840 Workstation Hp z840 Workstation Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:hp:z440_workstation:-:::::::* cpe:2.3:h:hp:z640_workstation:-:::::::* cpe:2.3:h:hp:z840_workstation:-:::::::* cpe:2.3:o:hp:z440_workstation_firmware:::::::: cpe:2.3:o:hp:z640_workstation_firmware:::::::: cpe:2.3:o:hp:z840_workstation_firmware::::::::
Vendors & Products		Hp Hp z440 Workstation Hp z440 Workstation Firmware Hp z640 Workstation Hp z640 Workstation Firmware Hp z840 Workstation Hp z840 Workstation Firmware

Thu, 21 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-02-14T22:12:16.966Z

Updated: 2024-11-21T21:37:16.403Z

Reserved: 2023-11-14T22:47:24.126Z

Link: CVE-2023-6138

Vulnrichment

Updated: 2024-08-02T08:21:17.709Z

NVD

Status : Analyzed

Published: 2024-02-14T23:15:08.093

Modified: 2025-12-22T18:28:02.000

Link: CVE-2023-6138

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object