Vulnerability in Supermicro BMC IPMI Firmware, January 2025

Vulnerability Disclosure:

The purpose of this disclosure is to communicate the potential vulnerabilities affecting Supermicro products that were reported by an external researcher.

Acknowledgment

Supermicro would like to acknowledge the work done by Alexander Tereshkin, NVIDIA Offensive Security Research Team for discovering potential vulnerability in Supermicro BMC IPMI Firmware.

Summary:

Several security issues have been discovered in select Supermicro motherboards. These issues affect Supermicro BMC Firmware.

CVE IDInternal IDSeverityDescription
CVE-2024-10237SMC-2024100039HighThere is a vulnerability in the BMC firmware image authentication design. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.
CVE-2024-10238SMC-2024100040HighA security issue in the firmware image verification implementation. An attacker can upload a specially crafted image that will cause a stack overflow that is caused by not checking fld->used_bytes
CVE-2024-10239SMC-2024100041HighA security issue in the firmware image verification implementation. An attacker can upload a specially crafted image that will cause a stack overflow that is caused by not checking fat->fsd.max_fld.

Affected products:

Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, B13, X14, H14, B14, G1, and G2 motherboards (and CMM6 modules).

Click to expand and see the complete list of affected products
MotherboardBMC Firmware version with the fix
X11DGQ3.77.13
X11DPD-L3.77.13
X11DPD-M253.77.13
X11DPFF-SN3.77.13
X11DPL-I-B3.77.13
X11DPL-I3.77.13
X11DPL-I3.77.13
X11DPS-R3.77.13
X11DPS-RE3.77.13
X11DPT-L3.77.13
X11DSC+3.77.13
X11DSF-E3.77.13
X11DSF3.77.13
X11SCW-F-AM0473.77.13
X11SCW-F-B3.77.13
X11SCW-F3.77.13
X11SCW-F3.77.13
X11SRI-IF3.77.13
B12DPT01.05.28
B12SPE-CPU-TF01.05.28
BH12SSI-M2501.05.28
B12DPT-601.05.29
H12SSFF-AN601.05.29
X12DPGA6-GD201.05.29
X12DPGA601.05.29
X12DPT-B01.05.29
X12DPT-B601.05.29
X12DPTT4601.05.29
X12SPTT01.05.29
X12DPT-B6S01.05.29
X12DPTT601.05.29
X12DPTS601.05.29
X12DPTT6S01.05.29
X12DPD-A6M2501.05.29
B12DPE-601.05.29
B12SPE-CPU-25G01.05.29
X12DGQ-R01.05.29
X12DPG-QR01.05.29
H12DSG-CPU6-TI03601.05.29
X12STW-F01.05.29
X12STW-TF01.05.29
B3ST1-CPU-00101.05.28
X13DEM01.03.38
X13DET-B01.03.38
X13DSF-A01.03.38
X13SEDW-F01.03.38
X13SEED-F01.03.38
X13SEED-SF01.03.38
X13SEFR-A01.03.38
X13SEM-F01.03.38
X13SEM-TF01.03.38
X13SETT01.03.38
X13SEVR-SP13F01.03.38
X13OEI-CPU01.03.38
B13DEE01.03.38
B13DET01.03.38
B13SEE-CPU-25G01.03.38
B13SEG01.03.38
B4SA1-CPU01.03.38
B4SC1-CPU01.03.38
H13QSH01.03.38
H13SRH01.03.38
H13SSF01.03.38
H13SSH01.03.38
G1SMH-G01.03.38
G1SMH01.03.38
G2DMH-G01.03.38
G2DMH-GI01.03.38
X13DEH01.03.38
X13SAW-F01.03.38
X13SAW-TLN4F01.03.38
X13SCW-F-B01.03.38
X13SCW-F01.03.38
X13SCW-F01.03.38
X14DBM-AP01.00.21.20
X14DBM-SP01.00.21.20
X14DBT-B01.00.21.20
X14DBT-FAP01.00.21.20
X14QBH+01.00.21.20
X14SBH-AP01.00.21.20
X14SBH01.00.21.20
X14SBM-TF01.00.21.20
X14SBM-TP4F01.00.21.20
X14SDV-20C-SP3F01.00.21.20
X14SDV-32C-SP3F01.00.21.20
X14SDV-36C-SP3F01.00.21.20
X14SDV-36CE-SP3F01.00.21.20
X14SDV-42C-SP3F01.00.21.20
H13DSGM01.03.38
B3SD1-20C-25G01.05.21
B14DBE01.00.21.21
B14DBT01.00.21.21
B14SBE-CPU-25G01.00.21.21
B14SBE-CPU-AP01.00.21.21
X14DBG-GD01.00.21.20
X14DBG-XAP01.00.21.20
X14SBT-G01.00.21.20
X14SBT-GAP01.00.21.20
X14SBHM01.00.21.20
H14DST-F01.00.21.20
MBB-CMM-601.01.05
MBM-CMM-601.01.05
X11SSW-F-B4.10
X11SSW-F4.10
X11SSW-F4.10
X11DPFF-SNR1.01.25
X11DPT-BR1.01.25

Remediation:

All affected Supermicro motherboard SKUs will require a BMC update to mitigate these potential vulnerabilities.

An updated BMC firmware has been created to mitigate these potential vulnerabilities. Please check Release notes for the resolution.

As an immediate workaround to reduce the attack surface, it is advised to follow the BMC Configuration Best Practices Guide.

Exploitation and Public Announcements:

Supermicro is not aware of any malicious use of these vulnerabilities in the wild.

Resources: