Уязвимость на серверах HPE ProLiant BL/DL/ML — (CVE-2022-26006, CVE-2022-21198). И Supermicro X11, X12, X13.

Олег

  • 15 ноября 2022
Intel

Intel доводит до сведения HP и HPE информацию о потенциальной уязвимости повышения привилегий в BIOS для некоторых моделей процессоров Intel.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html

Проблема касается серверов:

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04380en_us

  • HPE ProLiant BL460c Gen9 Server Blade - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant BL480c Server Blade - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant BL660c Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL60 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL80 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL160 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL180 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL120 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL360 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL380 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL560 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant ML110 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant ML150 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant ML350 Gen9 Server - Prior to 3.04_08-04-2022 - Only CVE-2022-26006
  • HPE ProLiant DL20 Gen10 Plus server - Prior to 1.64_10-20-2022 - Only CVE-2022-21198
  • HPE ProLiant MicroServer Gen10 Plus v2 - Prior to 1.64_10-20-2022 - Only CVE-2022-21198
  • HPE ProLiant ML30 Gen10 Plus server - Prior to 1.64_10-20-2022 - Only CVE-2022-21198

Пострадали ноутбуки и рабочие станций:

https://support.hp.com/us-en/document/ish_7176998-7177022-16/hpsbhf03819

Для устранения уязвимости требуется обновление BIOS.

CVE-2022-26006 (CVSS:3.1 6.5)

Уязвимые процессоры:

  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Core X-Series Processors

CVE-2022-21198 (CVSS:3.1 5.9)

Уязвимые процессоры:

  • 11th Gen Intel Core processor
  • Intel Xeon W processor
  • 11th Gen Intel Core processor family
  • 11th Generation Intel Core Processor Family
  • 12th Generation Intel Core Processor Family
  • Intel Pentium Gold Processor Family
  • Intel Celeron Processor Family
  • 12th Generation Intel Core Processor Family
  • 12th Generation Intel Core Processor Family
  • Intel Pentium Gold Processor Family
  • Intel Celeron Processor Family
  • 10th Generation Intel Core Processor Family
  • Intel Core Processors with Intel Hybrid Technology
  • Intel Pentium Silver N6000 Processor Family, Intel Celeron N4000 and N5000 Processor Families
  • 10th Generation Intel Core Processors
  • 10th Generation Intel Core Processors
  • Intel Xeon W processor family
  • 10th Generation Intel Core Processor Family
  • Intel Xeon W processor family
  • 10th Gen Intel Core processor
  • 10000/1200 series
  • Pentium Gold processor series
  • Celeron processor 5000 series

UPD

И SuperMicro тоже:

https://www.supermicro.com/en/support/security_Intel_IPU2022.3_Update

Теги

💰 Поддержать проект

 

Похожие материалы

Почитать