The Supermicro Security Center is the established source for product security updates and information from Supermicro, a global leader in enterprise computing, storage, networking, and green computing technology. We strive to continuously improve our security practices.
Our customers' security is a priority, so we have put measures in place to safeguard the operation of your Supermicro servers and storage systems. Servers and storage systems as they exist today are increasingly versatile and at the same time more complex, so they need to be protected. In the face of threat actors, Supermicro is developing defense mechanisms to protect users and customers and thereby bring our security expertise to the highest level in the industry. Supermicro recognizes that customers expect to deploy products that meet high security standards; our response is therefore designed for the highest level of protection.
Supermicro recommends following security best practices, including keeping the operating system up to date and running the latest versions of firmware and all software.
Cybersecurity Lifecycle Product Protection
Supermicro offers three server products manufactured exclusively in the United States. Centralizing manufacturing in U.S. factories preserves system integrity. These "Made in the USA" products reduce the possibility of foreign cybersecurity intrusions and are available to customers worldwide. To learn more about this program, visit the Made in the USA solution page.
Supermicro strictly manages cybersecurity practices throughout our supply chain system, including a broader "cradle to grave" approach to keep our products secure from sourcing and production, through operation, to the natural end of life.
Supermicro's best practices are designed to meet the security requirements of its products, which are backed by extensive security functionality and features. These features assure customers that Supermicro products meet industry security standards.
Supermicro attaches the utmost importance to the security of your data center. Supermicro provides a list of standards and specifications for the recently launched X14/H14 server and storage system families, as well as X13/H13 and X12/H12. These built-in capabilities will serve as a guide for establishing secure operations within your data center. See the list below.
Category | Security Specifications | Intel X14 Products | AMD H14 Products | Intel X13 Products | AMD H13 Products | Intel X12 Products | AMD H12 Products |
---|---|---|---|---|---|---|---|
Hardware | Silicon Root of Trust | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Hardware | Chassis Intrusion Protection | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Hardware | Trusted Platform Module (TPM) 2.0 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Hardware | BMC TPM ¹ | ✔ | ✔ | ✔ | ✔ | | |
Hardware | Intel Boot Guard | ✔ | | ✔ | | ✔ | |
Hardware | Intel® Software Guard Extensions (Intel® SGX) ¹ | ✔ | | ✔ | | ✔ | |
Hardware | AMD Secure Processor | | ✔ | | ✔ | | ✔ |
Hardware | AMD Secure Memory Encryption (SME) | | ✔ | | ✔ | | ✔ |
Hardware | AMD Secure Encrypted Virtualization (SEV) | | ✔ | | ✔ | | ✔ |
BIOS/BMC | Secure Boot | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Secure Drive Erase | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Secure Flash | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Secure Firmware Updates | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Cryptographically signed firmware | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Secure Redfish API ³ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Password Security | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | USB dynamic enable/disable | ✔ | ✔ | | | | |
BIOS/BMC | HDD Password | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | BMC Unique Password | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Automatic Firmware Recovery | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Anti-rollback | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Runtime BMC Protections | ✔ | ✔ | ✔ | ✔ | | |
BIOS/BMC | System Lockdown | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
BIOS/BMC | Supply Chain Security: Remote Attestation | ✔ | ✔ | ✔ | ✔ | | |
BIOS/BMC | Drive Key Management (Super-Guardians) | ✔ | ✔ | ✔ | ✔ | | |
BIOS/BMC | IPMI 2.0 User Locking | ✔ | ✔ | ✔ | ✔ | | |
BIOS/BMC | Security State Monitoring | ✔ | ✔ | ✔ | ✔ | | |
BIOS/BMC | Security Protocol and Data Model (SPDM) Management ² | ✔ | ✔ | ✔ | ✔ | | |
Standards | NIST SP 800-193 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Standards | NIST SP 800-147b | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Standards | NIST SP 800-88 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |

Notes:
- Certain features may not apply to all products.
- ¹ On select models and configurations
- ² Planned on Q4 CY2024
- ³ TLS v1.2 / v1.3 supported. RMCP+ Cipher Suite 3 / 17 supported
The Baseboard Management Controller (BMC) provides remote access to multiple users at different locations for networking. The BMC allows the system administrator to monitor system health and manage computer events remotely. The BMC is used with an IPMI (Intelligent Platform Management Interface) management utility that allows servers to be controlled and monitored centrally. The BMC has a wide range of security features that respond to customers' needs.
Security best practices for managing servers with BMC features enabled in data centers
Dynamic system verification leveraging the attestation process
Detect any changes to hardware and firmware by means of system attestation.
Cryptographically signed BMC firmware
Learn more about the security functionality for cryptographically signing BMC and BIOS firmware
BMC Unique Password security feature
Discover how to benefit from BMC Unique Password
Vulnerability in Supermicro BMC IPMI firmware, “Terrapin”, October 2024
A security issue has been discovered in select Supermicro motherboards. The Terrapin vulnerability allows an attacker to downgrade secure signature algorithms and disable specific security measures. The Terrapin attack requires an active Man-in-the-Middle attacker.
- CVE-2023-48795
BIOS Vulnerabilities, September 2024
Supermicro is aware of two potential vulnerabilities in the BIOS firmware. These vulnerabilities may allow an attacker to write to SMRAM and hijack the RIP/EIP. They affect Supermicro BIOS in the Denverton platform. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.
- CVE-2020-8738
- CVE-2024-44075
Intel Platform Update (IPU) Update 2024.3, August 2024
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-01038 – 2024.2 IPU - Intel® Core™ Ultra Processor Stream Cache Advisory
- INTEL-SA-01046 – 2024.2 IPU - Intel® Processor Stream Cache Advisory
- INTEL-SA-00999 – 2024.3 IPU - Intel® Chipset Firmware Advisory
- INTEL-SA-01083 – 2024.3 IPU - SMI Transfer Monitor Advisory
- INTEL-SA-01100 – 2024.3 IPU - Intel® Xeon® Processor Advisory
- INTEL-SA-01118 – 2024.3 IPU - 3rd Generation Intel® Xeon® Scalable Processor Advisory
AMD Security Vulnerabilities, August 2024
This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M11/M12 and H13 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.
- AMD-SB-4004 – AMD Client Vulnerabilities – August 2024
- AMD-SB-3003 – AMD Server Vulnerabilities – August 2024
AMD Security Bulletin AMD-SB-7014, August 2024
Supermicro is aware of the security vulnerability where an attacker with root access may modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled. This issue affects AMD EPYC™ 1st, 2nd, 3rd and 4th Gen Processors and H11, H12, and H13 generations of products.
- CVE-2023-31315
AMD Security Bulletin AMD-SB-3011, August 2024
Supermicro is aware of the security issue where a malicious hypervisor may be able to decrypt the memory of a Secure Encrypted Virtualization–Secure Nested Paging (SEV-SNP) guest VM after it is decommissioned. This issue affects AMD EPYC™ 3rd and 4th Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H12 and H13 products.
- CVE-2023-31355
- CVE-2024-21978
- CVE-2024-21980
PKFAIL: Vulnerability in Supermicro BIOS firmware, July 2024
Supermicro has fixed the security vulnerability issue known as “PKFAIL”. This new vulnerability may allow malicious actors to launch advanced firmware-level threats from an operating system. It was determined that some Supermicro products used insecure Platform Keys (PK) which represent the Root of Trust for BIOS. These insecure keys were generated by American Megatrends International (AMI), and they were supplied as a reference example to Supermicro.
OpenSSH “regreSSHion” Vulnerability, July 2024
A critical signal handler race condition in OpenSSH, known as “regreSSHion”, has been discovered in the BMC firmware of select Supermicro motherboards. This vulnerability may result in unauthenticated remote code execution (RCE) with root privileges.
- CVE-2024-6387
BIOS Vulnerabilities, July 2024
Supermicro is aware of potential vulnerabilities in the BIOS firmware. These vulnerabilities affect select X11 motherboards. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.
- CVE-2024-36432
- CVE-2024-36433
- CVE-2024-36434
Vulnerability in Supermicro BMC IPMI firmware, July 2024
A security issue has been discovered in select Supermicro motherboards. This issue affects the web server component of their BMC. This potential vulnerability in Supermicro BMC may come from a buffer overflow in the “GetValue” function of the firmware that is caused by a lack of checking the input value.
- CVE-2024-36435
AMD Security Bulletin AMD-SB-1041, June 2024
Supermicro is aware of the potential weakness in AMD SPI protection features. This issue affects AMD EPYC™ 1st, 2nd and 3rd Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H11 and H12 products.
- CVE-2022-23829
AMD Security Bulletin AMD-SB-4007, May 2024
Supermicro is aware of memory leak vulnerabilities in the AMD DXE (Driver Execution Environment) driver in Server and Client desktop and mobile APUs/CPUs that may allow a highly privileged user to obtain sensitive information. This issue affects AMD EPYC™ 3rd Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H12 products.
- CVE-2023-20594
- CVE-2023-20597
Intel Platform Update (IPU) Update 2024.2, May 2024
This update applies to the X13 family of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-01036 – 2024.2 IPU - Intel® TDX Module Software Advisory
- INTEL-SA-01051 – 2024.2 IPU - Intel® Processor Advisory
- INTEL-SA-01052 – 2024.2 IPU - Intel® Core™ Ultra Processor Advisory
Vulnerabilities in Supermicro BMC firmware, April 2024
Several security vulnerabilities have been discovered in select Supermicro boards. These issues (cross-site scripting and command injection) may affect the web server component of Supermicro BMC IPMI (Web UI). An updated BMC firmware has been created to mitigate these potential vulnerabilities.
- SMC-2024010010 (CVE: CVE-2024-36430)
- SMC-2024010011 (CVE: CVE-2024-36431)
- SMC-2024010012 (CVE: CVE-2023-33413)
Intel Platform Update (IPU) Update 2024.1 and INTEL-TA-00986, March 2024
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00898 – 2024.1 IPU - Intel® Atom® Processor Advisory
- INTEL-SA-00923 – 2024.1 IPU - Intel® Chipset Software and SPS Advisory
- INTEL-SA-00929 – 2024.1 IPU - BIOS Advisory
- INTEL-SA-00950 – 2024.1 IPU OOB - Intel® Processor Advisory
- INTEL-SA-00960 – 2024.1 IPU - Intel® Xeon® Processor Advisory
- INTEL-SA-00972 – 2024.1 IPU - Intel® Processor Bus Lock Advisory
- INTEL-SA-00982 – 2024.1 IPU - Intel® Processor Return Predictions Advisory
- INTEL-SA-00986 – 4th Gen Intel® Xeon® Processor Advisory
- INTEL-SA-01045 – 2024.1 IPU OOB - Intel® Xeon® D Processor Advisory
AMD Security Bulletin AMD-SB-7009, February 2024
Supermicro is aware of the AMD Processor Vulnerabilities. This issue affects AMD EPYC™ 1st Gen, AMD EPYC™ 2nd Gen, AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H11, H12 and select H13 motherboards.
- CVE-2023-20576
- CVE-2023-20577
- CVE-2023-20579
- CVE-2023-20587
AMD Security Bulletin AMD-SB-3007, February 2024
Supermicro is aware of the SEV-SNP Firmware Vulnerabilities. This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H12 and select H13 motherboards.
- CVE-2023-31346
- CVE-2023-31347
PixieFAIL Vulnerability, January 2024
Supermicro is aware of a potential vulnerability known as “PixieFAIL” in the BIOS firmware. Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of UEFI. These nine vulnerabilities, if exploited via the network, can lead to remote code execution, DoS attacks, DNS cache poisoning, and/or potential leakage of sensitive information. PixieFAIL affects Supermicro BIOS in select X11, X12, H11, H12, H13 and R12 products. Supermicro is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
- CVE-2023-45229
- CVE-2023-45230
- CVE-2023-45231
- CVE-2023-45232
- CVE-2023-45233
- CVE-2023-45234
- CVE-2023-45235
- CVE-2023-45236
- CVE-2023-45237
LogoFAIL Vulnerability, December 2023
Supermicro is aware of a potential vulnerability known as “LogoFAIL” in the BIOS firmware. Improper input validation in an image parser library used by BIOS may allow a privileged user to potentially enable escalation of privilege via local access. LogoFAIL affects Supermicro BIOS in select X11, X12, X13, H11, M12 and R12 products. Supermicro is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
- CVE-2023-39538
- CVE-2023-39539
Vulnerabilities in Supermicro BMC IPMI Firmware, December 2023
- CVE-2023-33411: IPMI BMC SSDP/UPnP web server directory traversal and iKVM access allowing the rebooting of the BIOS
- CVE-2023-33412: IPMI BMC administrative web interface virtual floppy/USB remote command execution
- CVE-2023-33413: IPMI BMC devices use hardcoded configuration file encryption keys, allowing the attacker to craft and upload malicious configuration file packages to gain remote command execution.
AMD Security Bulletin AMD-SB-3005
Supermicro is aware of the AMD INVD Instruction security vulnerability. This issue affects 1st Gen AMD EPYC™ Processors (SEV and SEV-ES), 2nd Gen AMD EPYC™ Processors (SEV and SEV-ES), and 3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP). This vulnerability affects Supermicro H11 and H12 motherboards.
- CVE-2023-20592
Intel Platform Update (IPU) Update 2023.4 and INTEL-SA-00950, November 2023
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00924 – 2023.4 IPU – BIOS Advisory
- INTEL-SA-00950 – Intel® Processor Advisory
AMD Security Vulnerabilities, November 2023
This update applies to the H11, H12 and H13 families of products powered by 1st/
- AMD-SN-4002 - AMD Client Vulnerabilities – November 2023
- AMD-SN-3002 - AMD Server Vulnerabilities – November 2023
Vulnerabilities in Supermicro BMC IPMI firmware
Several security vulnerabilities have been discovered in select Supermicro boards. These issues (cross-site scripting and command injection) may affect the web server component of Supermicro BMC IPMI (Web UI). An updated BMC firmware has been created to mitigate these potential vulnerabilities.
- CVE-2023-40289
- CVE-2023-40284
- CVE-2023-40287
- CVE-2023-40288
- CVE-2023-40290
- CVE-2023-40285
- CVE-2023-40286
Variable Modification Due to Stack Overflow
A potential vulnerability was found in the Supermicro BIOS firmware. An attacker could exploit this vulnerability in Supermicro motherboards by manipulating a variable to potentially hijack the control flow, allowing attackers with kernel-level privileges to escalate their privileges and potentially execute arbitrary code.
- CVE-2023-34853
AMD Security Bulletin AMD-SB-7005
Supermicro is aware of the Return Address Predictor issue, also known as "INCEPTION." This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H12 and select H13 motherboards.
- CVE-2023-20569
Intel Platform Update (IPU) Update 2023.3, August 2023
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00783 – 2023.2 IPU – Intel® Chipset Firmware Advisory
- INTEL-SA-00813 – 2023.2 IPU – BIOS Advisory
- INTEL-SA-00828 – 2023.2 IPU – Intel® Processor Advisory
- INTEL-SA-00836 – 2023.2 IPU – Intel® Xeon® Scalable Processors Advisory
- INTEL-SA-00837 – 2023.2 IPU – Intel® Xeon® Processor Advisory
AMD Security Bulletin AMD-SB-7008
Supermicro is aware of the cross-process information leak, also known as "Zenbleed". This issue affects AMD EPYC™ 7002 Processors also known as AMD “Zen 2” processors. This vulnerability affects Supermicro H11 and H12 motherboards.
- CVE-2023-20593
Shell injection in the SMTP notifications
A vulnerability in select Supermicro boards may affect SMTP notification configurations. The vulnerability may allow unauthenticated bad actors to control user inputs, such as the subject in the alert settings, which may lead to arbitrary code execution.
- CVE-2023-35861
Reflective Denial-of-Service (DoS) Amplification Vulnerability in Service Location Protocol SLP
The Service Location Protocol (SLP) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
- CVE-2023-29552
Media Information: Intel BootGuard OEM private keys have potentially been compromised, May 2023
Based on the analysis of how Supermicro generates and uses private keys, Supermicro products are not affected.
Intel Platform Update (IPU) Update 2023.2, May 2023
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00807 – 2023.2 IPU – BIOS Advisory
AMD Security Vulnerabilities, May 2023
This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.
- AMD-SN-4001 - AMD Client Vulnerabilities – May 2023
- AMD-SN-3001 - AMD Server Vulnerabilities – May 2023
SuperDoctor5 Advisory, March 2023
Researchers have identified a vulnerability in Supermicro SuperDoctor5 (SD5) that may allow any authenticated user on the web interface to remotely execute arbitrary commands on the system where SuperDoctor5 (SD5) is installed.
- CVE-2023-26795
Intel Platform Update (IPU) Update 2023.1, February 2023
This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00700 – 2023.1 IPU – Intel® Atom® and Intel® Xeon® Scalable Processors Advisory
- INTEL-SA-00717 – 2023.1 IPU – BIOS Advisory
- INTEL-SA-00718 – 2023.1 IPU – Intel® Chipset Firmware Advisory
- INTEL-SA-00730 – 2023.1 IPU – 3rd Gen Intel® Xeon® Scalable Processors Advisory
- INTEL-SA-00738 – 2023.1 IPU – Intel® Xeon® Processor Advisory
- INTEL-SA-00767 – 2023.1 IPU – Intel® Processor Advisory
Voltage Regulator Module (VRM) and Inter-Integrated Circuit (I²C) Overvolting/Undervolting, January 2023
Researchers have identified a vulnerability in the Board Management Controller (BMC) which may allow the voltage to be changed to values outside the specified operating range for the CPU and therefore affect normal computations.
- CVE-2022-43309
AMD Security Vulnerabilities, January 2023
This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.
- AMD-SN-1031 - AMD Client Vulnerabilities – January 2023
- AMD-SN-1032 - AMD Server Vulnerabilities – January 2023
Intel Platform Update (IPU) Update 2022.3, November 2022
This update applies to the X11 and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00610 - 2022.3 IPU – Intel® Chipset Firmware Advisory
- INTEL-SA-00668 - 2022.2 IPU – BIOS Advisory
OpenSSL Advisory, November 2022
OpenSSL versions from 3.x through 3.0.6 are found vulnerable to a high severity security vulnerability that can lead to crash or unexpected behavior. Supermicro products are not affected by this OpenSSL vulnerability.
- CVE-2022-3786
- CVE-2022-3602
Microsoft Windows Secure Boot Bypass, August 2022
Researchers have identified several vulnerabilities in Microsoft’s third-party bootloaders that can affect all computer systems using x64 UEFI Secure Boot.
- CVE-2022-34301
- CVE-2022-34302
- CVE-2022-34303
Intel Platform Update (IPU) Update 2022.2, August 2022
This update applies to the X11 and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00657 - 2022.2 IPU – Intel® Processor Advisory
- INTEL-SA-00669 - 2022.2 IPU – Intel® Chipset Firmware Advisory
- INTEL-SA-00686 - 2022.2 IPU – BIOS Advisory
Intel Platform Update (IPU) Update 2022.1, June 2022
This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00601 - 2022.1 IPU – BIOS Advisory
- INTEL-SA-00613 - 2022.1 IPU – Intel® Boot Guard and Intel® TXT Advisory
- INTEL-SA-00614 - 2022.1 IPU – Intel® SGX Advisory
- INTEL-SA-00615 - 2022.1 IPU – Intel® Processors MMIO Stale Data Advisory
- INTEL-SA-00616 - 2022.1 IPU – Intel® Xeon Advisory
- INTEL-SA-00617 - 2022.1 IPU – Intel® Processor Advisory
AMD Security Vulnerabilities, May 2022
This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.
- AMD-SN-1027 - AMD Client Vulnerabilities – May 2022
- AMD-SN-1028 - AMD Server Vulnerabilities – May 2022
Intel Platform Update (IPU) Update 2021.2, February 2022
This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00470 - 2021.2 IPU – Intel® Chipset Firmware Advisory
- INTEL-SA-00527 - 2021.2 IPU – BIOS Advisory
- INTEL-SA-00532 - 2021.2 IPU – Intel® Processor Breakpoint Control Flow Advisory
- INTEL-SA-00561 - 2021.2 IPU – Intel® Processor Advisory
- INTEL-SA-00589 - 2021.2 IPU – Intel Atom® Processor Advisory
Supermicro’s response to Apache Log4j vulnerability
Supermicro is aware and joins the industry to mitigate the exposure caused by the high-priority CVE-2021-44228 (Apache Log4j 2) issue, also coined as “Log4Shell”, the CVE-2021-45046 (Apache Log4j 2) issue, and the CVE-2021-45105 (Apache Log4j 2) issue. Supermicro is also aware of the CVE-2021-4104 and CVE-2019-17571 issues for Apache Log4j 1.2.
Most Supermicro applications are not impacted by these five vulnerabilities. The only impacted application is Supermicro Power Manager (SPM). The issue will be addressed in a new version of Supermicro Power Manager (SPM) with the release pending ASAP. SPM will come with Log4j version 2.17.0.
Log4j 2
- CVE-2021-44228
- CVE-2021-45046
- CVE-2021-45105
Log4j 1.2
- CVE-2019-17571
- CVE-2021-4104
Intel Platform Update (IPU) Update 2021.2, November 2021
This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00528 - 2021.2 IPU – Intel® Atom® Processor Advisory
- INTEL-SA-00562 - 2021.1 IPU – BIOS Reference Code Advisory
AMD Security Vulnerabilities, November 2021
This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd Gen AMD EPYC™ Processors. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.
- AMD-SN-1021 - AMD Server Vulnerabilities – November 2021
Intel Security Advisory Intel-SA-00525, July 2021
- INTEL-SA-00525 – Intel BSSA (BIOS Shared SW Architecture) DFT Advisory
Intel-SA-00525 Security Advisory does not affect Supermicro BIOS.
Intel Platform Update (IPU) Update 2021.1, June 2021
This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00442 - 2021.1 IPU – Intel VT-d Advisory
- INTEL-SA-00459 - 2021.1 IPU – Intel-CSME-SPS-TXE-DAL-AMT-Advisory
- INTEL-SA-00463 - 2021.1 IPU – BIOS Advisory
- INTEL-SA-00464 - 2021.1 IPU – Intel Processor Advisory
- INTEL-SA-00465 - 2021.1 IPU – Intel Processor Advisory
Supermicro’s response to Trickboot vulnerability, March 2021
Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards. Supermicro will be providing a mitigation for this vulnerability.
TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the BIOS on the device.
BIOS detects GRUB2 boot loader vulnerability in Linux OS, November 2020
A flaw was found in GRUB2, prior to version 2.06. An attacker may use the GRUB2 flaw to hijack and tamper with the GRUB verification process. BIOS will detect this condition and halt the boot with an error message.
- CVE-2020-10713
Intel Platform Update (IPU) Update 2020.2, November 2020
This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00358 – 2020.2 IPU – BIOS Advisory
- INTEL-SA-00391 – 2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory
- INTEL-SA-00389 – 2020.2 IPU – Intel® RAPL Advisory
- INTEL-SA-00390 – Intel BIOS Platform Sample Code Advisory
Intel Monthly September Security Update, September 2020
This update applies to the X11 and X12 families of products powered by Intel Core® processors. Intel Monthly September Security Update combines the delivery of security updates that may have been previously provided individually.
Please note that X10 family of products is not affected by this announcement.
- Intel-SA-00404 – Intel® AMT and Intel® ISM Advisory
Intel Platform Update (IPU) Update 2020.1, June 2020
This update applies to the X10 and X11 families of products powered by Intel Xeon® processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- Intel-SA-00295 – Intel® CSME, SPS, TXE, AMT and DAL Advisory
- Intel-SA-00320 – Special Register Buffer Data Sampling Advisory
- Intel-SA-00322 – 2020.1 IPU BIOS Advisory
- Intel-SA-00329 – Intel® Processors Data Leakage Advisory
- Intel-SA-00260 – (updated) Intel® Processor Graphics 2019.2 QSR Update Advisory
Lot 9 of ErP (Eco-design) Compliance
Lot 9 regulations are a new set of product standards that deal with data storage devices such as enterprise-level servers. Learn how Supermicro meets European Union (EU) Eco-design requirements for servers and storage products as part of Lot 9 Compliance.
Intel Monthly February Security Update, February 2020
This update applies to the X11 families of products powered by Intel Core® processors. Intel Monthly February Security Update combines the delivery of security updates that may have been previously provided individually.
- Intel-SA-00307 – Escalation of Privilege, Denial of Service, Information Disclosure
Intel BIOS Update, INTEL-SA-00329, January 2020
- Intel-SA-00329 – Intel® Processors Data Leakage Advisory
Intel Monthly December Security Update, December 2019
This update applies to the X10 and X11 families of products powered by Intel Xeon® processors. Intel Monthly December Security Update combines the delivery of security updates that may have been previously provided individually.
- Intel-SA-00289 – Intel® Processors Voltage Settings Modification Advisory
- Intel-SA-00317 – Unexpected Page Fault in Virtualized Environment Advisory
Intel Platform Update (IPU) Update 2019.2, November 2019
This update applies to the X10 and X11 families of products powered by Intel Xeon® processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.
- Intel-SA-00164 – Intel® Trusted Execution Technology 2019.2 IPU Advisory
- Intel-SA-00219 – Intel® SGX 2019.2 with Intel® Processor Graphics IPU Update Advisory
- Intel-SA-00220 – Intel® SGX and Intel® TXT Advisory
- Intel-SA-00240 – Intel CPU Local Privilege Escalation Advisory
- Intel-SA-00241 – Intel® CSME, Server Platform Services, Trusted Execution Engine, Intel® Active Management Technology and Dynamic Application Loader 2019.2 IPU Advisory
- Intel-SA-00254 – Intel® System Management Mode 2019.2 IPU Advisory
- Intel-SA-00260 – Intel® Processor Graphics 2019.2 IPU Advisory
- Intel-SA-00270 – TSX Transaction Asynchronous Abort Advisory
- Intel-SA-00271 – Voltage Modulation Technical Advisory
- Intel-SA-00280 – BIOS 2019.2 IPU Advisory
BMC/IPMI Security Vulnerability Update September 3, 2019
Researchers have identified several security-related issues in the Virtual Media function of Supermicro BMCs that require a BMC firmware update to address.
- CVE-2019-16649
- CVE-2019-16650
AMD Security Vulnerability: Secure Encrypted Virtualization Invalid ECC Curve Points (SEV ECC) in Linux Operating System vulnerability
- CVE-2019-9836
Intel Security Vulnerability regarding Rowhammer style attack to leak information from certain DRAM modules
- Intel-SA-00247 (CVE-2019-0174)
Intel Quarterly Security Release (QSR) Update 2019.1, May 2019
This update applies to the X8, X9, X10, and X11 families of products powered by Intel Xeon® processors. Quarterly Security Release (QSR) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00213 (CVE-2019-0089, CVE-2019-0090, CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096, CVE-2019-0097, CVE-2019-0098, CVE-2019-0099, CVE-2019-0153, CVE-2019-0170)
- INTEL-SA-00223 BIOS Not Affected
- INTEL-SA-00233 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
BIOS updates for these issues are rolling out now. View the details below for impacted products and necessary BIOS updates.
Intel Quarterly Security Release (QSR) Update 2018.4, March 2019
This update applies only to the X11 family of products powered by Intel Xeon® processors. Quarterly Security Release (QSR) combines the delivery of security updates that may have been previously provided individually.
- INTEL-SA-00185 (CVE-2018-12188, CVE-2018-12189, CVE-2018-12190, CVE-2018-12191, CVE-2018-12192, CVE-2018-12199, CVE-2018-12198, CVE-2018-12200, CVE-2018-12187, CVE-2018-12196, CVE-2018-12185, CVE-2018-12208)
- INTEL-SA-00191 (CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12205, CVE-2018-12204)
"Spoiler": New research Article on speculative execution in Intel processors
Baseboard Management Controller (BMC) Security Vulnerabilities regarding systems using the ASPEED AST2400 and AST2500 system-on-chips (SoCs)
- CVE-2019-6260
Spectre and Meltdown Side Channel Speculative Execution
- Intel SA-00115 (CVE-2018-3639, CVE-2018-3640)
- Intel-SA-00088 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
- Intel-SA-00161 (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
Intel Security Vulnerabilities Regarding Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE)
- Intel-SA-00086 (CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5706, CVE-2017-5709, CVE-2017-5707, CVE-2017-571000)
BIOS/BMC Firmware Security updates prior to 2017
See Firmware Fixes to Common Vulnerabilities and Exposures published prior to 2017.
Supermicro pro-actively works with the security community to identify and strengthen security across our product line. Please find solutions to CVEs published on Supermicro firmware.
Common Security FAQs: Choose category "Security"
Report a Product Security Issue
If you encountered a security issue with a Supermicro product, please send an e-mail to secure@supermicro.com with the following details:
- Product name/SKU
- Detailed report on the vulnerability
- Instructions to reproduce
- Any relevant CVEs
Please do not include any sensitive or confidential information in clear text emails – use PGP Key to encrypt your message. Supermicro Product Security Team will review your report and contact you to jointly resolve the issue.
Stay connected with Supermicro product security updates
Subscribe today
To start a subscription to receive future Supermicro security alerts, please follow these steps:
1. Go to the top right of the screen and sign in or create a single sign-on (SSO) account.
2. Select "Manage Email Preferences".
3. Check "Security Update Notifications".