HPSBHF03601 修訂版 4 - 透過 Intel 智慧型音效技術驅動程式執行任意程式碼

潛在安全性影響：

提升權限

來源：HP、HP 產品安全性回應小組 (PSRT)

報告者：Intel

弱點摘要

HP 已獲知 Intel 智慧型音效技術驅動程式模組 9.21.00.354 版之前的版本存在潛在的安全性漏洞。

這些漏洞可能會讓本機攻擊者以管理員的身分透過非分頁集區溢位、緩衝區溢位或系統呼叫執行任意程式碼。

參考編號

CVE-2018-3666、CVE-2018-3670、CVE-2018-3672、 INTEL-SA-00163（英文）、PSR-2019-0010

獲支援軟件版本*：僅列出受影響版本。

有關受影響的產品，請參閱「解決方案」部分。

背景

如需此安全性公告的 PGP 簽署版本，請傳送電子郵件至：hp-security-alert@hp.com

CVSS 3.0 基本指標

參考	基本向量	基本評分
CVE-2018-3666	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	7.5
CVE-2018-3670	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	7.5
CVE-2018-3672	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	7.5

解決方案

HP 建議您將系統保持使用最新版韌體及驅動程式。

商用電腦

產品名稱	更新的版本	Softpaq #	Softpaq 連結
HP Elite x2 1012 G1	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP Elite x2 1012 G2	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP Elite x2 1013 G3	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP EliteBook 1030 G1	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook 1040 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook 820 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook 820/828 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook 830 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP EliteBook 840 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook 840 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP EliteBook 840 G5 HC 版本	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP EliteBook 840/848 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook 840r G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook 850 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook 850 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook 850 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP EliteBook Folio 1040 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook Folio G1	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP EliteBook x360 1020 G2	11.49.3690.124.Q.5	SP92177	https://ftp.hp.com/pub/softpaq/sp92001-92500/sp92177.exe
HP EliteBook x360 1030 G2	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP EliteBook x360 1030 G3	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP Engage Go 行動系統	9.21.00.3690	SP91512	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91512.exe
HP mt21 行動精簡型電腦	9.0.216.0	SP92290	https://ftp.hp.com/pub/softpaq/sp92001-92500/sp92290.exe
HP Pro x2 612 G2	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP Pro X2 612 G2 零售解決方案，含零售保護殼	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 430 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 430 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 430 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook 440 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 440 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 440 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook 450 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 450 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 450 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook 470 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 470 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 470 G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook 640 G2	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 640 G3	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 640 G4	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook 650 G2	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ProBook 650 G3	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ProBook 650 G4	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ProBook x360 440 G1	11.49.3690.124.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ZBook 14u G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZBook 14u G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ZBook 15 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ZBook 15 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZBook 15u G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ZBook 15u G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZBook 15u G5	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe
HP ZBook 17 G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ZBook 17 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZBook Studio G3	10.0.3690.118.Q.50	SP94989	https://ftp.hp.com/pub/softpaq/sp94501-95000/sp94989.exe
HP ZBook Studio G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZBook x2 G4	11.27.3690.134.Q.5	SP95006	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95006.exe
HP ZHAN 66 Pro G1	12.37.1.102.Q.5	SP95015	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95015.exe

消費型電腦

產品名稱	更新的版本	Softpaq #	Softpaq 連結
HP ENVY 13-ad001 - 13-ad099	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY 13-ad100 - 13-ad199	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY 13-ah1000 - 13-ah1999	6.0.1.8544	SP92549	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92549.exe
HP ENVY 13-ah1000 - 13-ah1999	6.0.1.8515	SP91852	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91852.exe
HP ENVY 17m-ae001 - 17m-ae099	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY 17m-ae100 - 17m-ae199	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY 17t-bw0000	6.0.1.8509	SP91517	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91517.exe
HP ENVY x360 13-ab001 - 13-ab099	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY x360 13t-ab000 (CTO)	6.0.1.8569	SP93113	https://ftp.hp.com/pub/softpaq/sp93001-93500/sp93113.exe
HP ENVY x360 15-bp0xx (ROW)	6.0.1.8393	SP87889	https://ftp.hp.com/pub/softpaq/sp82501-83000/sp82752.exe
HP ENVY x360 15-bp1xx (ROW)	6.0.1.8393	SP87889	https://ftp.hp.com/pub/softpaq/sp82501-83000/sp82752.exe
HP ENVY x360 15m-bp1xx (BBY)	6.0.1.8393	SP87889	https://ftp.hp.com/pub/softpaq/sp82501-83000/sp82752.exe
HP ENVY x360 15m-cn0xxxx	6.0.1.8509	SP91517	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91517.exe
HP ENVY x360 15m-cn1xxx	6.0.1.8509	SP91517	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91517.exe
HP ENVY x360 m6-bp0xx (BBY)	6.0.1.8393	SP87889	https://ftp.hp.com/pub/softpaq/sp82501-83000/sp82752.exe
HP Pavilion 15-cs0000 - 15-cs0999	6.0.1.8515	SP91852	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91852.exe
HP Pavilion 15-cu0000 - 15-cu0999	6.0.1.8515	SP91852	https://ftp.hp.com/pub/softpaq/sp91501-92000/sp91852.exe
HP Spectre 13-ab000 - 13-ab099	6.0.1.8536	SP92752	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe
HP Spectre 13-ae0xx	6.0.1.8536	SP92752	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe
HP Spectre 13-af0xx	6.0.1.8510	SP92017	https://ftp.hp.com/pub/softpaq/sp92001-92500/sp92017.exe
HP Spectre 13-af1xx	6.0.1.8510	SP92017	https://ftp.hp.com/pub/softpaq/sp92001-92500/sp92017.exe
HP Spectre 15-bl000 - 15-bl099	6.0.1.8536	SP92752	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe
HP Spectre 15-ch0xx	6.0.1.8536	SP92752	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe
HP Spectre x2 12-c000 - 12c-c099	6.0.1.8544	SP92527	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe
HP Spectre x360 13-w000 - 13-w099	6.0.1.8536	SP92752	https://ftp.hp.com/pub/softpaq/sp92501-93000/sp92752.exe

協力廠商安全性修正程式：應根據客戶的修正程式管理原則，套用要在執行 HP 軟體產品的系統上安裝的協力廠商安全性修正程式。

支援：如有實施此安全性公告建議的相關問題，請造訪 https://www.hp.com/go/contacthp 以瞭解有關 HP 支援選項的資訊。

報告：若要報告任何 HP 支援產品的潛在安全性漏洞，請傳送電子郵件至： hp-security-alert@hp.com。

訂閱：若要開始訂閱以便透過電子郵件接收日後發佈的「HP Security 公告」警示，請造訪 https://www.hp.com/go/alerts。

安全性公告歸檔：若要檢視發行的安全性公告，請搜尋 HP 支援網站的「安全性公告」。

軟體產品類別：標題中的「軟體產品類別」以 HPSB 之後的兩個字元表示。

PI	HP 列印和影像處理
HF	HP 硬體和韌體
GN	HP 通用軟體

強烈建議使用 PGP，將提供給 HP 的安全性相關資訊加密，尤其是重要資訊。

若要取得安全性警示 PGP 金鑰，請傳送如下的電子郵件訊息：

收件者： hp-security-alert@hp.com

主旨：取得金鑰

您必須時常檢視系統管理及安全措施，以維持系統穩定。為了提供客戶最新、最安全的解決方案，HP 將會持續檢視並加強軟體產品的安全性。

"我們亦將廣為流傳此 Security Bulletin，以使受影響的 HP 產品用戶更加注意本文所列的重要保安資訊。 HP 建議所有用戶自行根據實際情況判斷這些資訊的適用性，並且採取適當的措施。 HP 並不保證這些資訊的精確性及完整性適用於所有用戶，因此 HP 對於用戶因採用或忽視本文件內的資訊而造成的損害概不負責。在相關法律所允許之最大範圍內，HP 不承擔任何瑕疵責任擔保，不論其為明示或默示者，其中包括適售性、適合某特定用途以及不侵害他人權益之擔保責任。"

修訂歷程記錄 : 版本 1：2019 年 1 月 18 日首次發佈；版本 2：2019 年 1 月 25 日更新商用電腦系統的 softpaq 和版本資訊；版本 3：2019 年 8 月 30 日將所有商用電腦的項目更換為更新版本和 URL；版本 4：2019 年 10 月 14 日更新消費型電腦的 Softpaq。

支援通訊- SECURITY BULLETIN

HPSBHF03601 修訂版 4 - 透過 Intel 智慧型音效技術驅動程式執行任意程式碼

商用電腦

消費型電腦

其他支援選項

輸入主題，以搜尋我們的知識庫