SB2023051155 - Multiple vulnerabilities in HPE ProLiant Gen10 and Gen10 Plus Servers

Published: May 11, 2023

Security Bulletin ID: SB2023051155
Severity: Low
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-23818)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation on the model-specific VM_HSAVE_PA register. A local user can perform a denial of service (DoS) attack.


2) Buffer overflow (CVE-ID: CVE-2021-46762)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SMU. A local user can corrupt SMU SRAM and perform a denial of service (DoS) attack.


3) Improper Certificate Validation (CVE-ID: CVE-2021-26406)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient parsing of Owner's Certificate Authority (OCA) certificates in the SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application. A local user can perform a denial of service (DoS) attack.


4) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26356)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the ASP bootloader. A local user can tamper with the SPI ROM, corrupt S3 data and gain access to sensitive information.


5) Stack-based buffer overflow (CVE-ID: CVE-2023-20520)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the ASP Bootloader. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.


6) Input validation error (CVE-ID: CVE-2021-46764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation of DRAM addresses in the SMU. A local user can overwrite sensitive memory locations within the ASP and perform a denial of service (DoS) attack.


7) Out-of-bounds write (CVE-ID: CVE-2023-20524)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A compromised ASP can send malformed commands to an ASP on another CPU, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


8) Buffer overflow (CVE-ID: CVE-2021-46775)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the ABL. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

9) Input validation error (CVE-ID: CVE-2021-46769)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient syscall validation in the ASP Bootloader. A local privileged user can execute arbitrary DMA copies and escalate privileges on the system.


10) Input validation error (CVE-ID: CVE-2021-46756)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader. A local user with a malicious UApp or ABL can send a malformed or invalid syscall to the bootloader and perform a denial of service (DoS) attack.


11) Out-of-bounds write (CVE-ID: CVE-2021-46763)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the SMU. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


12) Input validation error (CVE-ID: CVE-2021-26397)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient address validation. A local user with a compromised ABL and UApp can corrupt sensitive memory locations and escalate privileges on the system.


13) Input validation error (CVE-ID: CVE-2021-26379)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient input validation of mailbox data in the SMU. A local user can coerce the SMU to corrupt SMRAM and execute arbitrary code with elevated privileges.


14) Memory leak (CVE-ID: CVE-2021-26371)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a memory leak. A compromised or malicious ABL or UApp can send a SHA256 system call to the bootloader and expose ASP memory to userspace.


15) Buffer overflow (CVE-ID: CVE-2021-26354)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the ASP. A malicious process can issue a system call from a compromised ABL, which can cause arbitrary memory values to be initialized to zero, leading to loss of integrity and a potential crash.


Remediation

Install the update from the vendor's website.