Hewlett Packard Enterprise Product Security Vulnerability Alerts
UEFI Secure Boot Evasion Vulnerability aka BootHole Vulnerability (CVE-2020-10713, CVE-2020-15705)
Version 4.0 : Last Updated: September 4, 2020
This website is updated frequently, as new product information becomes available.
On July 29th, a researcher disclosed a vulnerability in Linux GRUB2 bootloaders called “BootHole” (CVE-2020-10713, CVE-2020-15705). A system is vulnerable to the BootHole issue when a signed GRUB2 bootloader containing the vulnerable code is permitted to execute by the UEFI Allowed Signature Database (DB). On systems where Secure Boot is enabled, the vulnerability can be used to circumvent the Secure Boot process.
To address this vulnerability, relevant OS vendors are making available an updated GRUB2 and an updated Forbidden Signature Database (DBX), which must be applied to the system. Impacted HPE products will also have updates that align with these GRUB2 and DBX updates.
The BootHole disclosure also mentions a similar vulnerability, which has been assigned CVE-2020-7205; HPE is addressing this issue.
HPE Resources
- HPE Security Bulletin hpesbhf04019 (Compute Platforms)
- HPE Security Bulletin hpesbhf04022 (Superdome Flex Servers)
- HPE Security Bulletin hpesbhf04020 (CVE-2020-7205)
- HPE Customer Advisory For Linux Vendor Patches
- HPE Customer Bulletin for Intelligent Provisioning (IP)
- HPE Customer Bulletin for Service Pack for ProLiant (SPP)
- HPE Customer Bulletin for Synergy Custom SPP
- HPE Customer Bulletin for Scripting Toolkit for Linux (STK)
- HPE Customer Bulletin for VMware Upgrade Pack (VUP)
- HPE Customer Advisory for Linux "No Boot" Condition
- HPE Customer Notice for GRUB2 Vulnerability (aka BootHole)
- HPE Customer Bulletin for Secure Boot DBX Updater Utilities
- HPE Vulnerability Homepage
- HPE Support Center
- Eclypsium Statement- BootHole
- Red Hat Vulnerabilities
- SUSE CVE Database
- Ubuntu Security Notice
- Canonical
- Microsoft Security Advisory
- VMware Security Advisory
Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.
Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
| --- | --- |
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| (Impacted) | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or Under Investigation | Information regarding how to address a vulnerability. |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Category | Sub Category | Product Name | Impacted (Y/N/Under Investigation) | Mitigation / Notes | HPE Support Documentation | Other Support Documentation (Vendor/HPE) |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudline | Cloudline | HPE Cloudline CL2100 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL2200 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL2600 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL2800 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL3100 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL3150 Gen10 Server (AMD) | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL4100 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL5800 Gen10 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL3100 Gen9 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL5200 Gen9 Server | Yes | | | |
| Cloudline | Cloudline | HPE Cloudline CL5800 Gen9 Server | Yes | | | |
| MCS Servers | MCS Servers | Superdome Flex | Yes | | | |
| MCS Servers | MCS Servers | Integrity Superdome X | No | | | |
| MCS Servers | MCS Servers | Integrity MC990 X | No | | | |
| MCS Servers | MCS Servers | Integrity Superdome 2 | No | | | |
| MCS Servers | MCS Servers | Integrity rx2800 | No | | | |
| MCS Servers | MCS Servers | Integrity BL860c, BL870c, BL890c | No | | | |
| MCS Servers | SGI | SGI UV300 | No | | | |
| MCS Servers | SGI | SGI UV3000 | No | | | |
| MCS Servers | SGI | SGI UV2000 | No | | | |
| NonStop | NonStop | HPE NonStop Servers | No | | | |
| NonStop | NonStop | HPE NonStop Virtual TapeServer (VTS) | Yes | VTS is affected in Linux 6 (module patch) | | |
| Platform Software | Intelligent Provisioning | HPE Intelligent Provisioning Gen8 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | Intelligent Provisioning | HPE Intelligent Provisioning Gen9 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | Intelligent Provisioning | HPE Intelligent Provisioning Gen10 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | Intelligent Provisioning | HPE Intelligent Provisioning Gen10 Plus | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | SPP | HPE Service Pack for ProLiant Gen8 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | SPP | HPE Service Pack for ProLiant Gen9 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | SPP | HPE Service Pack for ProLiant Gen10 | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | SPP | HPE Service Pack for ProLiant Gen10 Plus | Yes | Refer to the Customer Bulletin for more details | | |
| Platform Software | SmartStart | HPE SmartStart Scripting Toolkit Software | Yes | Refer to the Customer Bulletin for more details | | |
| Servers | Apollo | HPE Apollo 4200 Gen10 Server | Yes | | | |
| Servers | Apollo | HPE Apollo 4200 Gen9 Server | Yes | | | |
| Servers | Apollo | HPE Apollo 2000 Gen10 Plus System | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL325 Gen10 Plus server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL385 Gen10 Plus server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DX385 Gen10 Plus server | Yes | | | |
| Servers | ProLiant | HPE ProLiant MicroServer Gen10 Plus | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL220n Gen10 Plus Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL290n Gen10 Plus Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL925g Gen10 Plus 1U 4 | Yes | | | |
| Servers | ProLiant | HPE ProLiant BL460c Gen10 Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL20 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL120 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL160 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL180 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL325 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL360 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL380 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL385 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL560 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL580 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant MicroServer Gen10 | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML30 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML110 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML350 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL170r Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL190r Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL230k Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL270d Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL450 Gen10 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant BL460c Gen9 Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant BL660c Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL20 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL60 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL80 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL120 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL160 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL180 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL360 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL380 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL560 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant DL580 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML10 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML30 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML110 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML150 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant ML350 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL170r Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL190r Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL230a Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL250a Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL260a Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL270d Gen9 Special Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL450 Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL730f Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL740f Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant XL750f Gen9 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant WS460c Gen9 Graphics Server Blade | Yes | | | |
| Servers | ProLiant | ProLiant SE2160w Gen9 Server | Yes | | | |
| Servers | ProLiant | HP ProLiant DL580 Gen8 Server | Yes | | | |
| Servers | ProLiant | HPE ProLiant m710x Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant m710x-L Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant m510 Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant m750 Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant e910 Server Blade | Yes | | | |
| Servers | ProLiant | HPE ProLiant e910t Server Blade | Yes | | | |
| Storage | StoreOnce | HPE StoreOnce | Yes | Impacted but not vulnerable | | |
| Storage | 3PAR | HPE 3PAR Storage | Yes | Impacted but not vulnerable | | |
| Storage | SimpliVity | HPE SimpliVity 380 Gen9 Nodes | No | | | |
| Storage | Primera | HPE Primera Storage | Yes | Impacted but not vulnerable | | |
| Storage | SimpliVity | HPE SimpliVity 380 Gen10 Nodes | Yes | Impacted but not vulnerable | | |
| Storage | SimpliVity | HPE SimpliVity 2600 Gen10 Nodes | Yes | Impacted but not vulnerable | | |
| Storage | SimpliVity | SimpliVity OmniCube | No | | | |
| Storage | SimpliVity | SimpliVity OmniStack for Cisco | No | | | |
| Storage | SimpliVity | SimpliVity OmniStack for Dell | No | | | |
| Storage | SimpliVity | SimpliVity OmniStack for Lenovo | No | | | |
| Storage | SimpliVity | HPE SimpliVity 325 Gen10 Nodes | Yes | Impacted but not vulnerable | | |
| Storage | StoreEasy | HPE StoreEasy 1450, 1460, 1550, 1560, 1650, 1650 Expanded, 1660, 1660 Expanded, 1850, 1860, and 3850 | Yes | | HPE Security Bulletin hpesbhf04019 | |
| Storage | StoreEasy | HPE Storage File Controller, Storage Performance File Controller, StoreVirtual 3000 File Controller, and 3PAR StoreServ File Controller v3 | Yes | | HPE Security Bulletin hpesbhf04019 | |
| Storage | Nimble | HPE Nimble Storage Hybrid Flash Arrays | Yes | Impacted but not vulnerable | | |
| Storage | Nimble | HPE Nimble Storage All Flash Arrays | Yes | Impacted but not vulnerable | | |
| Storage | Nimble | HPE Nimble Storage Secondary Flash Arrays | Yes | Impacted but not vulnerable | | |
| Storage | 3PAR | HPE 3PAR StoreServ Management Console | Yes | Impacted but not vulnerable | | |
| Synergy | Synergy | HPE Image Streamer | No | | | |
| Synergy | Synergy | HPE Composer 1 | No | | | |
| Synergy | Synergy | HPE Composer 2 | Yes | Impacted but not vulnerable | | |
| Synergy | Synergy | HPE Synergy 480 Gen10 Plus Compute Module | Yes | | | |
| Synergy | Synergy | HPE Synergy 480 Gen10 Compute Module | Yes | | | |
| Synergy | Synergy | HPE Synergy 660 Gen10 Compute Module | Yes | | | |
| Synergy | Synergy | HPE Synergy 480 Gen9 Compute Module | Yes | | | |
| Synergy | Synergy | HPE Synergy 620 Gen9 Compute Module | Yes | | | |
| Synergy | Synergy | HPE Synergy 660 Gen9 Compute Module | Yes | | | |
| Platform Software | VMware | ESXi 7.0 | Yes | | | |
| Platform Software | Linux | Red Hat Enterprise Linux (RHEL) 7.8 | Yes | | | |
| Platform Software | Linux | Red Hat Enterprise Linux (RHEL) 8.2 | Yes | | | |
| Platform Software | Linux | CentOS 8.2 | Yes | | | |