Pasar al contenido principal
BIOS Vulnerabilities, September 2024

Supermicro is aware of two potential vulnerabilities in the BIOS firmware. These vulnerabilities may allow an attacker to write to SMRAM and hijack the RIP/EIP. They affect Supermicro BIOS for the Denverton platform.

Acknowledgement:

Supermicro would like to acknowledge the work done by a researcher from China, Eason, for discovering potential vulnerabilities in the Supermicro BIOS Firmware.

CVEs:

CVE NumberDescription
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. An attacker with privileged access can use this vulnerability to write to SMRAM and hijack the RIP/EIP.
An attacker with privileged access can exploit this vulnerability to write to SMRAM and hijack the RIP/EIP; and therefore, can execute arbitrary code in SMM mode. This can allow the attacker to leak the content stored in SMRAM to kernel space.

Affected Products:

Product/MotherboardBIOS Version Containing Fix
A2SDi-H-T(P4)Fv 2.1
A2SDi-HLN4Fv 2.1
A2SDi-TP8F/LN4Fv 2.1
A2SDV-LN8F/LN10PFv 2.1
A2SDV-TLN5Fv 2.1
A2SD1-3750F/3955Fv 2.1

Mitigation:

Supermicro has released BIOS firmware to mitigate these vulnerabilities. Please check the release notes for resolution.

Exploitation and Public Announcement:

Supermicro is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.