メインコンテンツに移動
Voltage Regulator Module (VRM) and Inter-Integrated Circuit (I²C) Overvolting/Undervolting, January 2023

Vulnerability Disclosure:

This disclosure communicates that an external group contacted Supermicro about the potential vulnerability of Supermicro products.

Acknowledgment:

Supermicro would like to acknowledge the work done by the researchers from the University of Birmingham in the UK for discovering a potential vulnerability in the X11SSL-CF motherboard.

Findings:

The Board Management Controller (BMC) has an Inter-Integrated Circuit (I²C) bus, which may allow changes to the voltage to be outside the specified operating range for the CPU and therefore, affect normal computations.

CVE:

  • CVE: CVE-2022-43309
  • Severity: High
  • Found: Externally

Affected products:

Products affected are the Supermicro X11, X12, H11, and H12 product lines that have the Intelligent Platform Management Interface (IPMI).

Solution:

All affected Supermicro motherboard SKUs will require a BMC update to mitigate this potential vulnerability.

Supermicro will release the following firmware updates to mitigate this potential vulnerability:

  • New signed BMC firmware for all affected Supermicro motherboard SKUs

Please Note:

  • If you have BMC OEM firmware, please contact your technical representative.
  • If you have unsigned BMC firmware and prefer to keep it, please contact technical support team at Supermicro.
  • X11 and H11 products require signed BMC firmware. It is important to note that once updated, signed BMC firmware cannot be rolled back to unsigned BMC firmware.

An updated BMC firmware had been created. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Resources: