Integrated BMC and OpenBMC Firmware Advisory

Summary:

Potential security vulnerabilities in the Integrated Baseboard Management Controller (BMC) and OpenBMC firmware in some Intel® platforms may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

---

Vulnerability Details:

CVEID: CVE-2021-39296 (Non-Intel issued)

Description: Issue affecting netipmid (IPMI lan+) interface. An attacker might craft IPMI messages to gain root access to the BMC bypassing authentication.

CVSS Base Score: 10.0 Critical

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-35729

Description: Out of bounds read in firmware for OpenBMC in some Intel® platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2022-29494

Description: Improper input validation in firmware for OpenBMC in some Intel® platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2021-39295 (Non-Intel issued)

Description: Issue affecting netipmid (IPMI lan+) interface. An attacker might craft IPMI messages to cause denial of service to the BMC.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CVEID: CVE-2022-29493

Description: Uncaught exception in webserver for the Integrated BMC in some Intel® platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.

CVSS Base Score: 4.5 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

Integrated BMC firmware before versions 2.86, 2.09 and 2.78 in some Intel® platforms.

OpenBMC firmware before versions 0.72, wht-1.01-61, egs-0.91-179 in some Intel® platforms.

Recommendations:

Intel recommends updating Integrated BMC firmware to versions 2.86, 2.09 and 2.78 or later.

Intel recommends updating OpenBMC firmware to versions 0.72, wht-1.01-61, egs-0.91-179 or later.

Chipset/SOC or Processor

|

Mitigated Version or higher

|

Mitigation URL

—|—|—

Intel® C620 series chipset

2nd Gen Intel® Xeon® Scalable processor

Intel® Xeon® W processor 3200 series

1st Gen Intel® Xeon® Scalable processor

Intel® Xeon® W processor 3100 series

|

BMC

V2.86

|

BMC (Commercial)

Intel® C250 series chipset__

Intel® Xeon® E processor

|

BMC v2.09

|

Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.

Intel® C620A series chipset

_ _

3rd Gen Intel® Xeon® Scalable processor

|

BMC v2.81

OpenBMC

wht-1.01-61

0.72

|

BMC v2.81 (Commercial)

OpenBMC 1.01.75

Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.

Intel® C740 series chipset

|

OpenBMC

egs-0.91-179

|

Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

The following issues were found internally by Intel, CVE-2022-29493, CVE-2022-29494, CVE-2022-35729. Intel would like to thank Ignacio Hernandez, Tomasz Bagniuk, Witold Kryszak, Piotr Dorozynski.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.