HP Printers - Advisory: Meltdown and Spectre CPU Vulnerabilities

ManualsBrandsHP ManualsPrint & ScanCE525A

Version 1.3 Public

Security Advisory

HP Enterprise Printing Communication:

Meltdown & Spectre CPU Vulnerabilities

Jan 17

, 2018 (Revision History)

On January 3

, 2018 Google’s Project Zero and academic institutions announced vulnerabilities in

common CPU platforms. The vulnerabilities impact Intel x86 processors and certain AMD and ARM

processors.

The Spectre and Meltdown vulnerabilities affect microprocessors utilizing speculative execution

and indirect branch prediction. It may allow unauthorized disclosure of information to an attacker

with local user access via a side-channel analysis.

These vulnerabilities could allow a malicious process to read memory of other software

processes. This would require installation of malicious code to perform a successful exploit.

The following security features mitigate loading untrusted or tampered code on HP devices:

o Digital signing of printer firmware and firmware updates

o Digital signing of printer solutions code

o HP SureStart and Secure Boot / ROM based code validation

o Whitelisting and Code Integrity Validation

o Runtime Intrusion Detection

o Run-time Code Integrity that ensures Executable Memory is Write-Protected

For additional information on these security features see the References section

The following HP print devices use x86 and ARM processors that are susceptible to these

vulnerabilities. One or more of the above security features mitigate loading untrusted or

tampered code on these devices.

 HP LaserJet Enterprise printers and multifunction printers

 HP LaserJet Enterprise pre-FutureSmart printers and multifunction printers

 HP LaserJet Pro printers and multifunction printers

 HP PageWide Enterprise printers and multifunction printers

HP Inc.

1501 Page Mill Road

Palo Alto, CA 94304

HP.com

Summary of content (8 pages)

PAGE 1
HP Inc. 1501 Page Mill Road Palo Alto, CA 94304 HP.com Security Advisory HP Enterprise Printing Communication: Meltdown & Spectre CPU Vulnerabilities Jan 17th , 2018 (Revision History) On January 3rd, 2018 Google’s Project Zero and academic institutions announced vulnerabilities in common CPU platforms. The vulnerabilities impact Intel x86 processors and certain AMD and ARM processors.
PAGE 2
 HP PageWide Pro printers and multifunction printers  HP LaserJet Managed multifunction printers  HP PageWide Managed printers and multifunction printers  HP Digital Senders and Document Capture Workstations  HP OfficeJet Pro printers  HP Designjet Series printers  HP PageWide XL Series printers  HP HD / SD Pro Scanners  HP Latex printers For a complete device listing see Appendix A.
PAGE 3
4. Scroll to the bottom of the page and under Other support resources, click Sign up for driver, support & security alerts. 5. Follow the onscreen prompts to sign up for alerts. References o o o o o o Spectre Vulnerability - CVE-2017-5753; CVE-2017-5715 Meltdown Vulnerability - CVE-2017-5754 https://spectreattack.
PAGE 4
HP LaserJet Enterprise printers and multifunction printers HP PageWide Enterprise printers and multifunction printers HP Digital Senders and Document Capture Workstations HP LaserJet Enterprise color flow MFP M575 HP LaserJet Enterprise M506 HP LaserJet Enterprise flow M830z MFP HP Scanjet Enterprise 7000n HP LaserJet Enterprise flow MFP M525 HP Scanjet Enterprise 8500 Doc Capture WS HP LaserJet Enterprise Flow MFP M630 HP ScanJet Enterprise Flow N9120 Doc Scanner HP LaserJet Enterprise Flow MFP M631
PAGE 5
HP LaserJet M15 Printer HP LaserJet Pro printers and multifunction printers HP Color LaserJet Pro MFP M277dw HP LaserJet M16 Printer HP LaserJet Pro M225rdn HP LaserJet MFP M28 Printer HP LaserJet Pro M226dn HP LaserJet MFP M29 Printer HP LaserJet Pro M201 HP Color LaserJet Pro M154 HP LaserJet Pro M202 HP Color LaserJet Pro M254 HP Color LaserJet Pro MFP M176 HP Color LaserJet Pro MFP M180 HP Color LaserJet Pro MFP M177 HP Color LaserJet Pro MFP M181 HP LaserJet Pro MFP M125 HP Color LaserJ
PAGE 6
HP PageWide Pro printers and multifunction printers HP PageWide Managed printers, HP OfficeJet Pro printers HP PageWide Pro 552 Printer HP PageWide Pro 750 HP PageWide Managed P75050 HP PageWide Managed P55250 HP PageWide Pro MFP 772 HP PageWide Pro 577 MFP HP PageWide Managed MFP P77740 HP PageWide MFP P57750 HP PageWide Managed MFP P77750 HP PageWide Pro 577 MFP HP PageWide Managed MFP P77760 HP OfficeJet Pro 8210 HP PageWide Pro 477 MFP HP OfficeJet Pro 8740 HP PageWide 377d MFP HP OfficeJ
PAGE 7
HP Color LaserJet CP3505 HP Color LaserJet CP3525 HP Color LaserJet CP4005 HP Color LaserJet CP6015 HP LaserJet 2400 Printer series HP LaserJet 4345 MFP HP LaserJet 4350 HP LaserJet 5200L HP LaserJet 5200N HP LaserJet 9040 HP LaserJet 9040 MFP HP LaserJet 9050 HP LaserJet 9050 MFP HP LaserJet CM3530 MFP HP LaserJet Enterprise P3015 HP LaserJet M3027 MFP HP LaserJet M3035 MFP HP LaserJet M4345 MFP HP LaserJet M5025 MFP HP LaserJet M5035 MFP HP LaserJet M9040 MFP HP LaserJet M9050 MFP HP LaserJet P3005 HP Las
PAGE 8
1.2 16 – January- 2018 1.1 11 - January - 2018 HP Latex 110 Printer HP Latex 310 Printer HP Latex 330 Printer HP Latex 360 Printer HP Latex 370 Printer HP Latex 115 Printer HP Latex 315 Printer HP Latex 335 Printer HP Latex 365 Printer HP Latex 375 Printer Added Recommended Actions Section Removed PageWide XL 8000/5000/4500/4000 Printers Added PageWide XL Printer Series Initial Version © 2018 HP Development Company, L.P. The information contained herein is subject to change without notice.