SB2023032119 - Multiple vulnerabilities in HPE ProLiant Gen10 and Gen10 Plus Servers

Published: March 21, 2023

Security Bulletin ID: SB2023032119
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity: Medium 14%, Low 86%

Description

This security bulletin contains information about 14 security vulnerabilities.

1) Resource management error (CVE-ID: CVE-2021-26348)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force the IO device into writing data to memory it should not be able to access.


2) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26350)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can obtain and manipulate the address of a message port register and perform a denial of service attack.

3) Out-of-bounds write (CVE-ID: CVE-2021-26312)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error caused by failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force an IO device to write to memory it should not be able to access and execute arbitrary code with elevated privileges.


4) Buffer overflow (CVE-ID: CVE-2021-26364)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in an SMU mailbox register. A local user can force SMU to read outside of the SRAM address range and perform a denial of service attack.


5) Security features bypass (CVE-ID: CVE-2021-26349)

The vulnerability allows an attacker to compromise the guest OS.

The vulnerability exists due to failure to assign a new report ID to an imported guest. This can result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).


6) Out-of-bounds read (CVE-ID: CVE-2021-26388)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in the BIOS directory that allows for searches to read beyond the directory table copy in RAM. A local user can perform a denial of service (DoS) attack.


7) Resource management error (CVE-ID: CVE-2021-26342)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the CPU may fail to flush the Translation Lookaside Buffer (TLB) in SEV guest VMs. A local user can execute a particular sequence of operations, including the creation of a new virtual machine control block (VMCB), to disclose the SEV guest memory contents.


8) Input validation error (CVE-ID: CVE-2021-26339)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the AMD CPU's core logic when executing specific code from an unprivileged VM. A remote user with low-privileged access to the guest OS can execute a specific x86 instruction sequence that triggers a CPU core hang.


9) Buffer overflow (CVE-ID: CVE-2021-26372)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.

10) Buffer overflow (CVE-ID: CVE-2021-26378)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.

11) Buffer overflow (CVE-ID: CVE-2021-26375)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in System Management Unit (SMU). A local user can trigger memory corruption and perform a denial of service (DoS) attack.


12) Input validation error (CVE-ID: CVE-2021-26376)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in System Management Unit (SMU) FeatureConfig. A local user can re-enable certain features, which can lead to denial of service.


13) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26347)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the System Management Unit (SMU). A local user can force the DMA (Direct Memory Access) to reference an invalid DRAM address and perform a denial of service attack.


14) Buffer overflow (CVE-ID: CVE-2021-26373)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger a system voltage malfunction and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.