About Supermicro Security Center

The Supermicro Security Center is the established source for product security updates and information from Supermicro, a global leader in enterprise computing, storage, networking, and green computing technology. We strive for continuous improvement in our security practices.

The security of our customers is a top priority; hence we have put measures in place to safeguard the operation of your Supermicro servers and storage systems. Today's servers and storage systems are becoming more versatile yet more complex, and they need to be secured. To counter threat actors, Supermicro is developing defense mechanisms to protect users and customers and to bring our security knowledge to the highest in the industry. Supermicro recognizes that customers expect to deploy products that meet high security standards; therefore, our response is designed for the highest level of protection.

Supermicro recommends that you follow security best practices, including keeping your operating system up-to-date and running the latest versions of firmware and all software.

Lifecycle Cyber Security Product Protection

Supermicro offers three server products made exclusively in the US. By centralizing manufacturing in US factories, system integrity is preserved. These “Made in the USA” products reduce the opportunity for foreign cybersecurity intrusion and are available for customers worldwide. To learn more about this program, go to the Made in the USA solution page.

Supermicro strictly manages cybersecurity practices throughout our entire supply chain system, to include a broader “cradle to grave” approach to keeping our products secure from sourcing and production, through operation, to a natural end of life.

Sourcing

  • Supplier Management
  • Visual Inspections
  • X-Ray checks of motherboards
  • Supplier ISO certifications

Manufacturing

  • Secure Global Production
  • Made in the USA
  • Resilient Manufacturing

Supply Chain Protection

  • Attestation
  • Delivery Services
  • Traceability Tracking
  • DFARS for US Federal
  • Intrusion Detection

Run-Time Security

  • Root of Trust
  • NIST 800-193
  • AMD SEV and SME
  • Intel SGX
  • Enforced Strong Passwords

End of Life

  • Recycling
  • Green Initiatives
  • NIST 800-88 Erase
  • Forensics Assistance
  • Data management retention

Supermicro Supply Chain Security

Supermicro’s customer-focused culture requires 100% precision and quality, so Supermicro tests its products at every step. Using machine-based tests that are both fully automated and manual, Supermicro checks every motherboard.

Product Security at Supermicro

Supermicro’s best practices are designed to meet its product security requirements that are supported by rich security functionality and features. These features assure customers that Supermicro's products meet industry security standards.

Product Security Standards and Specifications


Supermicro regards the security of your data center with the highest importance. Supermicro is providing a list of standards and specifications for the newly-released X14/H14 as well as X13/H13 and X12/H12 families of servers and storage systems. These built-in capabilities will serve as a guideline for establishing secure operations within your data center. Review the list below.

Columns: Category | Security Specifications | Intel X14 Products | AMD H14 Products | Intel X13 Products | AMD H13 Products | Intel X12 Products | AMD H12 Products

Hardware

  • Silicon Root of Trust
  • Chassis Intrusion Protection
  • Trusted Platform Module (TPM) 2.0
  • BMC TPM [1]
  • Intel Boot Guard
  • Intel® Software Guard Extensions (Intel® SGX) [1]
  • AMD Secure Processor
  • AMD Secure Memory Encryption (SME)
  • AMD Secure Encrypted Virtualization (SEV)

BIOS/BMC

  • Secure Boot
  • Secure Drive Erase
  • Secure Flash
  • Secure Firmware Updates
  • Cryptographically signed firmware
  • Secure Redfish API [3]
  • Password Security
  • USB dynamic enable/disable
  • HDD Password
  • BMC Unique Password
  • Automatic Firmware Recovery
  • Anti-rollback
  • Runtime BMC Protections
  • System Lockdown
  • Supply Chain Security: Remote Attestation
  • Drive Key Management (Super-Guardians)
  • IPMI 2.0 User Locking
  • Security State Monitoring
  • Security Protocol and Data Model (SPDM) Management [2]

Standards

  • NIST SP 800-193
  • NIST SP 800-147b
  • NIST SP 800-88

Notes:

  • Certain features may not apply to all products.
  • [1] On select models and configurations
  • [2] Planned for Q4 CY2024
  • [3] TLS v1.2 / v1.3 supported. RMCP+ Cipher Suite 3 / 17 supported

BMC Firmware Security

The Baseboard Management Controller (BMC) provides remote access over the network to multiple users at different locations. The BMC allows a system administrator to monitor system health and manage computer events remotely. The BMC is used with an Intelligent Platform Management Interface (IPMI) management utility, which makes it possible to control and monitor servers centrally. The BMC has a wide range of security features that address customer requirements.

BMC Security Guide

Take advantage of the BMC Security Features


Security Best Practices for managing servers with BMC features enabled in Datacenters

Learn about BMC Security Best Practices

Dynamic System Verification Leveraging the Attestation Process

Detect any changes in the hardware and firmware using system attestation

Cryptographically Signed BMC Firmware

Learn about Security functionality to cryptographically sign the BMC Firmware and BIOS

BMC Unique Password Security Feature

Learn how to benefit from BMC Unique Password

Security Alerts and Advisories

Vulnerability in Supermicro BMC IPMI firmware, “Terrapin”, October 2024

A security issue has been discovered in select Supermicro motherboards. The Terrapin vulnerability allows an attacker to downgrade secure signature algorithms and disable specific security measures. The Terrapin attack requires an active Man-in-the-Middle attacker.

  • CVE-2023-48795

BIOS Vulnerabilities, September 2024

Supermicro is aware of two potential vulnerabilities in the BIOS firmware. These vulnerabilities may allow an attacker to write to SMRAM and hijack the RIP/EIP. They affect Supermicro BIOS in the Denverton platform. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.

  • CVE-2020-8738
  • CVE-2024-44075

Intel Platform Update (IPU) Update 2024.3, August 2024

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-01038 – 2024.2 IPU - Intel® Core™ Ultra Processor Stream Cache Advisory
  • INTEL-SA-01046 – 2024.2 IPU - Intel® Processor Stream Cache Advisory
  • INTEL-SA-00999 – 2024.3 IPU - Intel® Chipset Firmware Advisory
  • INTEL-SA-01083 – 2024.3 IPU - SMI Transfer Monitor Advisory
  • INTEL-SA-01100 – 2024.3 IPU - Intel® Xeon® Processor Advisory
  • INTEL-SA-01118 – 2024.3 IPU - 3rd Generation Intel® Xeon® Scalable Processor Advisory

AMD Security Vulnerabilities, August 2024

This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M11/M12 and H13 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

  • AMD-SB-4004 – AMD Client Vulnerabilities – August 2024
  • AMD-SB-3003 – AMD Server Vulnerabilities – August 2024

AMD Security Bulletin AMD-SB-7014, August 2024

Supermicro is aware of the security vulnerability where an attacker with root access may modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled. This issue affects AMD EPYC™ 1st, 2nd, 3rd and 4th Gen Processors and H11, H12, and H13 generations of products.

  • CVE-2023-31315

AMD Security Bulletin AMD-SB-3011, August 2024

Supermicro is aware of the security issue where a malicious hypervisor may be able to decrypt the memory of a Secure Encrypted Virtualization–Secure Nested Paging (SEV-SNP) guest VM after it is decommissioned. This issue affects AMD EPYC™ 3rd and 4th Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H12 and H13 products.

  • CVE-2023-31355
  • CVE-2024-21978
  • CVE-2024-21980

PKFAIL: Vulnerability in Supermicro BIOS firmware, July 2024

Supermicro has fixed the security vulnerability issue known as “PKFAIL”. This new vulnerability may allow malicious actors to launch advanced firmware-level threats from an operating system. It was determined that some Supermicro products used insecure Platform Keys (PK) which represent the Root of Trust for BIOS. These insecure keys were generated by American Megatrends International (AMI), and they were supplied as a reference example to Supermicro.


OpenSSH “regreSSHion” Vulnerability, July 2024

A security vulnerability involving a critical signal handler race condition in OpenSSH, known as “regreSSHion”, has been discovered in the BMC firmware of select Supermicro motherboards. This vulnerability may result in unauthenticated remote code execution (RCE) with root privileges.

  • CVE-2024-6387

BIOS Vulnerabilities, July 2024

Supermicro is aware of potential vulnerabilities in the BIOS firmware. These vulnerabilities affect select X11 motherboards. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.

  • CVE-2024-36432
  • CVE-2024-36433
  • CVE-2024-36434

Vulnerability in Supermicro BMC IPMI firmware, July 2024

A security issue has been discovered in select Supermicro motherboards. This issue affects the web server component of their BMC. This potential vulnerability in Supermicro BMC may come from a buffer overflow in the “GetValue” function of the firmware that is caused by a lack of checking the input value.

  • CVE-2024-36435

AMD Security Bulletin AMD-SB-1041, June 2024

Supermicro is aware of the potential weakness in AMD SPI protection features. This issue affects AMD EPYC™ 1st, 2nd and 3rd Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H11 and H12 products.

  • CVE-2022-23829

AMD Security Bulletin AMD-SB-4007, May 2024

Supermicro is aware of memory leak vulnerabilities in the AMD DXE (Driver Execution Environment) driver in server and client desktop and mobile APUs/CPUs that may allow a highly privileged user to obtain sensitive information. This issue affects AMD EPYC™ 3rd Gen Processor motherboards. This vulnerability affects BIOS in Supermicro H12 products.

  • CVE-2023-20594
  • CVE-2023-20597

Intel Platform Update (IPU) Update 2024.2, May 2024

This update applies to the X13 family of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-01036 – 2024.2 IPU - Intel® TDX Module Software Advisory
  • INTEL-SA-01051 – 2024.2 IPU - Intel® Processor Advisory
  • INTEL-SA-01052 – 2024.2 IPU - Intel® Core™ Ultra Processor Advisory

Vulnerabilities in Supermicro BMC firmware, April 2024

Several security vulnerabilities have been discovered in select Supermicro boards. These issues (cross-site scripting and command injection) may affect the web server component of Supermicro BMC IPMI (Web UI). An updated BMC firmware has been created to mitigate these potential vulnerabilities.

  • SMC-2024010010 (CVE: CVE-2024-36430)
  • SMC-2024010011 (CVE: CVE-2024-36431)
  • SMC-2024010012 (CVE: CVE-2023-33413)

Intel Platform Update (IPU) Update 2024.1 and INTEL-TA-00986, March 2024

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00898 – 2024.1 IPU - Intel® Atom® Processor Advisory
  • INTEL-SA-00923 – 2024.1 IPU - Intel® Chipset Software and SPS Advisory
  • INTEL-SA-00929 – 2024.1 IPU - BIOS Advisory
  • INTEL-SA-00950 – 2024.1 IPU OOB - Intel® Processor Advisory
  • INTEL-SA-00960 – 2024.1 IPU - Intel® Xeon® Processor Advisory
  • INTEL-SA-00972 – 2024.1 IPU - Intel® Processor Bus Lock Advisory
  • INTEL-SA-00982 – 2024.1 IPU - Intel® Processor Return Predictions Advisory
  • INTEL-SA-00986 – 4th Gen Intel® Xeon® Processor Advisory
  • INTEL-SA-01045 – 2024.1 IPU OOB - Intel® Xeon® D Processor Advisory

AMD Security Bulletin AMD-SB-7009, February 2024

Supermicro is aware of the AMD Processor Vulnerabilities. This issue affects AMD EPYC™ 1st Gen, AMD EPYC™ 2nd Gen, AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H11, H12 and select H13 motherboards.

  • CVE-2023-20576
  • CVE-2023-20577
  • CVE-2023-20579
  • CVE-2023-20587

AMD Security Bulletin AMD-SB-3007, February 2024

Supermicro is aware of the SEV-SNP Firmware Vulnerabilities. This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H12 and select H13 motherboards.

  • CVE-2023-31346
  • CVE-2023-31347

PixieFAIL Vulnerability, January 2024

Supermicro is aware of a potential vulnerability known as “PixieFAIL” in the BIOS firmware. Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of UEFI. These nine vulnerabilities, if exploited via the network, can lead to remote code execution, DoS attacks, DNS cache poisoning, and/or potential leakage of sensitive information. PixieFAIL affects Supermicro BIOS in select X11, X12, H11, H12, H13 and R12 products. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.

  • CVE-2023-45229
  • CVE-2023-45230
  • CVE-2023-45231
  • CVE-2023-45232
  • CVE-2023-45233
  • CVE-2023-45234
  • CVE-2023-45235
  • CVE-2023-45236
  • CVE-2023-45237

LogoFAIL Vulnerability, December 2023

Supermicro is aware of a potential vulnerability known as “LogoFAIL” in the BIOS firmware. Improper input validation in an image parser library used by BIOS may allow a privileged user to potentially enable escalation of privilege via local access. LogoFAIL affects Supermicro BIOS in select X11, X12, X13, H11, M12 and R12 products. Supermicro is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory.

  • CVE-2023-39538
  • CVE-2023-39539

Vulnerabilities in Supermicro BMC IPMI Firmware, December 2023

  • CVE-2023-33411: IPMI BMC SSDP/UPnP web server directory traversal and iKVM access allowing the rebooting of the BIOS
  • CVE-2023-33412: IPMI BMC administrative web interface virtual floppy/USB remote command execution
  • CVE-2023-33413: IPMI BMC devices use hardcoded configuration file encryption keys, allowing the attacker to craft and upload malicious configuration file packages to gain remote command execution.

AMD Security Bulletin AMD-SB-3005

Supermicro is aware of the AMD INVD Instruction security vulnerability. This issue affects 1st Gen AMD EPYC™ Processors (SEV and SEV-ES), 2nd Gen AMD EPYC™ Processors (SEV and SEV-ES), and 3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP). This vulnerability affects Supermicro H11 and H12 motherboards.

  • CVE-2023-20592

Intel Platform Update (IPU) Update 2023.4 and INTEL-SA-00950, November 2023

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00924 – 2023.4 IPU – BIOS Advisory
  • INTEL-SA-00950 – Intel® Processor Advisory

AMD Security Vulnerabilities, November 2023

This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

  • AMD-SN-4002 - AMD Client Vulnerabilities – November 2023
  • AMD-SN-3002 - AMD Server Vulnerabilities – November 2023

Vulnerabilities in Supermicro BMC IPMI firmware

Several security vulnerabilities have been discovered in select Supermicro boards. These issues (cross-site scripting and command injection) may affect the web server component of Supermicro BMC IPMI (Web UI). An updated BMC firmware has been created to mitigate these potential vulnerabilities.

  • CVE-2023-40289
  • CVE-2023-40284
  • CVE-2023-40287
  • CVE-2023-40288
  • CVE-2023-40290
  • CVE-2023-40285
  • CVE-2023-40286

Variable Modification Due to Stack Overflow

A potential vulnerability was found in the Supermicro BIOS firmware. An attacker could exploit this vulnerability in Supermicro motherboards by manipulating a variable to potentially hijack the control flow, allowing attackers with kernel-level privileges to escalate their privileges and potentially execute arbitrary code.

  • CVE-2023-34853

AMD Security Bulletin AMD-SB-7005

Supermicro is aware of the Return Address Predictor issue, also known as "INCEPTION." This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors. This vulnerability affects Supermicro select H12 and select H13 motherboards.

  • CVE-2023-20569

Intel Platform Update (IPU) Update 2023.3, August 2023

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00783 – 2023.2 IPU – Intel® Chipset Firmware Advisory
  • INTEL-SA-00813 – 2023.2 IPU – BIOS Advisory
  • INTEL-SA-00828 – 2023.2 IPU – Intel® Processor Advisory
  • INTEL-SA-00836 – 2023.2 IPU – Intel® Xeon® Scalable Processors Advisory
  • INTEL-SA-00837 – 2023.2 IPU – Intel® Xeon® Processor Advisory

AMD Security Bulletin AMD-SB-7008

Supermicro is aware of the cross-process information leak, also known as "Zenbleed". This issue affects AMD EPYC™ 7002 Processors also known as AMD “Zen 2” processors. This vulnerability affects Supermicro H11 and H12 motherboards.

  • CVE-2023-20593

Shell injection in the SMTP notifications

A vulnerability in select Supermicro boards may affect SMTP notification configurations. The vulnerability may allow unauthenticated bad actors to control user inputs such as the subject in the alert settings, which may lead to arbitrary execution of code.

  • CVE-2023-35861

Reflective Denial-of-Service (DoS) Amplification Vulnerability in Service Location Protocol SLP

The Service Location Protocol (SLP) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

  • CVE-2023-29552

Intel Platform Update (IPU) Update 2023.2, May 2023

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00807 – 2023.2 IPU – BIOS Advisory

AMD Security Vulnerabilities, May 2023

This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

  • AMD-SN-4001 - AMD Client Vulnerabilities – May 2023
  • AMD-SN-3001 - AMD Server Vulnerabilities – May 2023

SuperDoctor5 Advisory, March 2023

Researchers have identified a vulnerability in Supermicro SuperDoctor5 (SD5) that may allow any authenticated user on the web interface to remotely execute arbitrary commands on the system where SuperDoctor5 (SD5) is installed.


Intel Platform Update (IPU) Update 2023.1, February 2023

This update applies to the X11, X12, and X13 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00700 – 2023.1 IPU – Intel® Atom® and Intel® Xeon® Scalable Processors Advisory
  • INTEL-SA-00717 – 2023.1 IPU – BIOS Advisory
  • INTEL-SA-00718 – 2023.1 IPU – Intel® Chipset Firmware Advisory
  • INTEL-SA-00730 – 2023.1 IPU – 3rd Gen Intel® Xeon® Scalable Processors Advisory
  • INTEL-SA-00738 – 2023.1 IPU – Intel® Xeon® Processor Advisory
  • INTEL-SA-00767 – 2023.1 IPU – Intel® Processor Advisory

Voltage Regulator Module (VRM) and Inter-Integrated Circuit (I²C) Overvolting/Undervolting, January 2023

Researchers have identified a vulnerability in the Baseboard Management Controller (BMC) which may allow the voltage to be changed to values outside the specified operating range for the CPU and therefore affect normal computations.

  • CVE-2022-43309

AMD Security Vulnerabilities, January 2023

This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

  • AMD-SN-1031 - AMD Client Vulnerabilities – January 2023
  • AMD-SN-1032 - AMD Server Vulnerabilities – January 2023

Intel Platform Update (IPU) Update 2022.3, November 2022

This update applies to the X11 and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00610 - 2022.3 IPU – Intel® Chipset Firmware Advisory
  • INTEL-SA-00668 - 2022.2 IPU – BIOS Advisory

OpenSSL Advisory, November 2022

OpenSSL versions from 3.x through 3.0.6 are affected by a high-severity security vulnerability that can lead to a crash or unexpected behavior. Supermicro products are not affected by this OpenSSL vulnerability.

  • CVE-2022-3786
  • CVE-2022-3602

Microsoft Windows Secure Boot Bypass, August 2022

Researchers have identified several vulnerabilities in Microsoft’s third-party bootloaders that can affect all computer systems using x64 UEFI Secure Boot.

  • CVE-2022-34301
  • CVE-2022-34302
  • CVE-2022-34303

Intel Platform Update (IPU) Update 2022.2, August 2022

This update applies to the X11 and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00657 - 2022.2 IPU – Intel® Processor Advisory
  • INTEL-SA-00669 - 2022.2 IPU – Intel® Chipset Firmware Advisory
  • INTEL-SA-00686 - 2022.2 IPU – BIOS Advisory

Intel Platform Update (IPU) Update 2022.1, June 2022

This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00601 - 2022.1 IPU – BIOS Advisory
  • INTEL-SA-00613 - 2022.1 IPU – Intel® Boot Guard and Intel® TXT Advisory
  • INTEL-SA-00614 - 2022.1 IPU – Intel® SGX Advisory
  • INTEL-SA-00615 - 2022.1 IPU – Intel® Processors MMIO Stale Data Advisory
  • INTEL-SA-00616 - 2022.1 IPU – Intel® Xeon Advisory
  • INTEL-SA-00617 - 2022.1 IPU – Intel® Processor Advisory

AMD Security Vulnerabilities, May 2022

This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd Gen AMD EPYC™ Processors. This update also applies to M12 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

  • AMD-SN-1027 - AMD Client Vulnerabilities – May 2022
  • AMD-SN-1028 - AMD Server Vulnerabilities – May 2022

Intel Platform Update (IPU) Update 2021.2, February 2022

This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00470 - 2021.2 IPU – Intel® Chipset Firmware Advisory
  • INTEL-SA-00527 - 2021.2 IPU – BIOS Advisory
  • INTEL-SA-00532 - 2021.2 IPU – Intel® Processor Breakpoint Control Flow Advisory
  • INTEL-SA-00561 - 2021.2 IPU – Intel® Processor Advisory
  • INTEL-SA-00589 - 2021.2 IPU – Intel Atom® Processor Advisory

Supermicro’s response to Apache Log4j vulnerability

Supermicro is aware and joins the industry to mitigate the exposure caused by the high-priority CVE-2021-44228 (Apache Log4j 2) issue, also coined as “Log4Shell”, the CVE-2021-45046 (Apache Log4j 2) issue, and the CVE-2021-45105 (Apache Log4j 2) issue. Supermicro is also aware of the CVE-2021-4104 and CVE-2019-17571 issues for Apache Log4j 1.2.

Most Supermicro applications are not impacted by these five vulnerabilities. The only impacted application is Supermicro Power Manager (SPM). The issue will be addressed in a new version of Supermicro Power Manager (SPM) with the release pending ASAP. SPM will come with Log4j version 2.17.0.

Log4j 2

  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-45105

Log4j 1.2

  • CVE-2019-17571
  • CVE-2021-4104

Intel Platform Update (IPU) Update 2021.2, November 2021

This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00528 - 2021.2 IPU – Intel® Atom® Processor Advisory
  • INTEL-SA-00562 - 2021.1 IPU – BIOS Reference Code Advisory

AMD Security Vulnerabilities, November 2021

This update applies to the H11 and H12 families of products powered by 1st/2nd/3rd Gen AMD EPYC™ Processors. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.

  • AMD-SN-1021 - AMD Server Vulnerabilities – November 2021

Intel Security Advisory Intel-SA-00525, July 2021

  • INTEL-SA-00525 – Intel BSSA (BIOS Shared SW Architecture) DFT Advisory

Intel-SA-00525 Security Advisory does not affect Supermicro BIOS.


Intel Platform Update (IPU) Update 2021.1, June 2021

This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00442 - 2021.1 IPU – Intel VT-d Advisory
  • INTEL-SA-00459 - 2021.1 IPU – Intel-CSME-SPS-TXE-DAL-AMT-Advisory
  • INTEL-SA-00463 - 2021.1 IPU – BIOS Advisory
  • INTEL-SA-00464 - 2021.1 IPU – Intel Processor Advisory
  • INTEL-SA-00465 - 2021.1 IPU – Intel Processor Advisory

Supermicro’s response to Trickboot vulnerability, March 2021

Supermicro is aware of the Trickboot issue which is observed only with a subset of the X10 UP motherboards. Supermicro will be providing a mitigation for this vulnerability.

TrickBoot is a new functionality within the TrickBot malware toolset capable of discovering vulnerabilities and enabling attackers to read/write/erase the BIOS on the device.


BIOS detects GRUB2 boot loader vulnerability in Linux OS, November 2020

A flaw was found in GRUB2, prior to version 2.06. An attacker may use the GRUB2 flaw to hijack and tamper with the GRUB verification process. BIOS will detect this condition and halt the boot with an error message.

  • CVE-2020-10713

Intel Platform Update (IPU) Update 2020.2, November 2020

This update applies to the X10, X11, and X12 families of products powered by Intel Xeon® and other Intel processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00358 – 2020.2 IPU – BIOS Advisory
  • INTEL-SA-00391 – 2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory
  • INTEL-SA-00389 – 2020.2 IPU – Intel® RAPL Advisory
  • INTEL-SA-00390 – Intel BIOS Platform Sample Code Advisory

Intel Monthly September Security Update, September 2020

This update applies to the X11 and X12 families of products powered by Intel Core® processors. Intel Monthly September Security Update combines the delivery of security updates that may have been previously provided individually.

Please note that X10 family of products is not affected by this announcement.

  • Intel-SA-00404 – Intel® AMT and Intel® ISM Advisory

Intel Platform Update (IPU) Update 2020.1, June 2020

This update applies to the X10 and X11 families of products powered by Intel Xeon® processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.

  • Intel-SA-00295 – Intel® CSME, SPS, TXE, AMT and DAL Advisory
  • Intel-SA-00320 – Special Register Buffer Data Sampling Advisory
  • Intel-SA-00322 – 2020.1 IPU BIOS Advisory
  • Intel-SA-00329 – Intel® Processors Data Leakage Advisory
  • Intel-SA-00260 – (updated) Intel® Processor Graphics 2019.2 QSR Update Advisory

Lot 9 of ErP (Eco-design) Compliance

Lot 9 regulations are a new set of product standards that deal with data storage devices such as enterprise-level servers. Learn how Supermicro meets European Union (EU) Eco-design requirements for servers and storage products as part of Lot 9 Compliance.


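Intel Monthly February Security Update, February 2020

This update applies to the X11 family of products powered by Intel® Core® processors. Intel Monthly February Security Update combines the delivery of security updates that may have been previously provided individually.

  • Intel-SA-00307 – Escalation of Privilege, Denial of Service, Information Disclosure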

Intel BIOS Update, INTEL-SA-00329, January 2020

  • Intel-SA-00329 – Intel® Processors Data Leakage Advisory

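Intel Monthly December Security Update, December 2019

This update applies to the X10 and X11 families of products powered by Intel® Xeon® processors. Intel Monthly December Security Update combines the delivery of security updates that may have been previously provided individually.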

  • Intel-SA-00289 – Intel® Processors Voltage Settings Modification Advisory
  • Intel-SA-00317 – Unexpected Page Fault in Virtualized Environment Advisory

BMC Unique Password Security Feature, November 2019

Supermicro has implemented a new security feature in the BMC firmware stack for all new X10, X11, H11, H12, and all future-generation Supermicro products. Supermicro has introduced a unique password for the BMC.

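Intel Platform Update (IPU) 2019.2, November 2019

This update applies to the X10 and X11 families of products powered by Intel® Xeon® processors. Intel Platform Update (IPU) combines the delivery of security updates that may have been previously provided individually.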

  • Intel-SA-00164 – Intel® Trusted Execution Technology 2019.2 IPU Advisory
  • Intel-SA-00219 – Intel® SGX 2019.2 with Intel® Processor Graphics IPU Update Advisory
  • Intel-SA-00220 – Intel® SGX and Intel® TXT Advisory
  • Intel-SA-00240 – Intel CPU Local Privilege Escalation Advisory
  • Intel-SA-00241 – Intel® CSME, Server Platform Services, Trusted Execution Engine, Intel® Active Management Technology and Dynamic Application Loader 2019.2 IPU Advisory
  • Intel-SA-00254 – Intel® System Management Mode 2019.2 IPU Advisory
  • Intel-SA-00260 – Intel® Processor Graphics 2019.2 IPU Advisory
  • Intel-SA-00270 – TSX Transaction Asynchronous Abort Advisory
  • Intel-SA-00271 – Voltage Modulation Technical Advisory
  • Intel-SA-00280 – BIOS 2019.2 IPU Advisory

BMC/IPMI Security Vulnerability Update, September 3, 2019

Researchers have identified security-related issues in the virtual media function of the Supermicro BMC. Addressing them requires a BMC firmware update.

CVE-2019-16649
CVE-2019-16650


AMD Security Vulnerability: Secure Encrypted Virtualization Invalid ECC Curve Points (SEV ECC) Associated with a Linux Operating System Vulnerability

CVE-2019-9836


Intel Security Vulnerability Regarding Rowhammer-Style Attacks That Leak Information from Certain DRAM Modules

Intel-SA-00247 (CVE-2019-0174)


Intel Quarterly Security Release (QSR) Update 2019.1, May 2019

This update applies to the X8, X9, X10, and X11 families of products powered by Intel® Xeon® processors. Quarterly Security Release (QSR) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00213 (CVE-2019-0089, CVE-2019-0090, CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096, CVE-2019-0097, CVE-2019-0098, CVE-2019-0099, CVE-2019-0153, CVE-2019-0170)
  • INTEL-SA-00223 BIOS Not Affected
  • INTEL-SA-00233 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

    BIOS updates that address these issues are now available. For the affected products and the required BIOS updates, see the details below.


Intel Quarterly Security Release (QSR) Update 2018.4, March 2019

This update applies only to the X11 family of products powered by Intel® Xeon® processors. Quarterly Security Release (QSR) combines the delivery of security updates that may have been previously provided individually.

  • INTEL-SA-00185 (CVE-2018-12188, CVE-2018-12189, CVE-2018-12190, CVE-2018-12191, CVE-2018-12192, CVE-2018-12199, CVE-2018-12198, CVE-2018-12200, CVE-2018-12187, CVE-2018-12196, CVE-2018-12185, CVE-2018-12208)
  • INTEL-SA-00191 (CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12205, CVE-2018-12204)

"Spoiler": New Research Article on Speculative Execution in Intel Processors

Baseboard Management Controller (BMC) Security Vulnerability Related to Systems Using ASPEED AST2400 and AST2500 System-on-Chips (SoC)

  • CVE-2019-6260

Spectre/Meltdown Side-Channel Speculative Execution

  • Intel SA-00115 (CVE-2018-3639, CVE-2018-3640)
  • Intel-SA-00088 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  • Intel-SA-00161 (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)

Intel Security Vulnerabilities Regarding Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE)

  • Intel-SA-00086 (CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5706, CVE-2017-5709, CVE-2017-5707, CVE-2017-571000)

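BIOS/BMC Firmware Security Updates Prior to 2017

See the firmware fixes for Common Vulnerabilities and Exposures published in 2017 or earlier.

Supermicro actively works with the security community to identify and strengthen security across our entire product line. See the resolutions for CVEs published for Supermicro firmware.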

Common Security FAQs: Choose category "Security"

Report a Product Security Issue


If you encountered a security issue with a Supermicro product, please send an e-mail to secure@supermicro.com with the following details:

  • Product name/SKU
  • Detailed report on the vulnerability
  • Instructions to reproduce
  • Any relevant CVEs

Please do not include any sensitive or confidential information in clear text emails – use PGP Key to encrypt your message. Supermicro Product Security Team will review your report and contact you to jointly resolve the issue.


Get connected with product security updates from Supermicro
Subscribe today

In order to initiate a subscription to receive future Supermicro Security alerts please take the following steps:

1. Go to the upper right portion of your screen and sign in or create a Single Sign-On (SSO) account:

2. Select “Manage Email Preferences”

3. Check “Security Update Notifications”