HPE Security Advisory
Published Date: May 15, 2026
Advisory Summary
HPE has released a critical security bulletin (HPESBHF05041 rev.1) addressing a local arbitrary code execution vulnerability identified as AMD-SB-7054. This issue affects Certain HPE SimpliVity servers equipped with specific AMD EPYC processors. The root cause is an incorrect use of the LocateProtocol service within the EFIBOOTServices table when invoked by the System Management Interrupt (SMI) handler.
This vulnerability could allow a local attacker with access to the system to execute arbitrary code at a privileged level, posing significant risk to system integrity and data security within affected data centers.
HPE urges customers to review the security bulletin carefully and apply recommended patches or mitigations immediately to safeguard against potential exploitation.
This advisory highlights the critical need for continuous firmware and infrastructure component monitoring in environments leveraging AMD EPYC-based HPE SimpliVity solutions.
Reference: Vendor Advisory