Chip giant Intel has issued an alert over 13 security bugs in its version of the baseboard management controller (BMC) firmware for Intel Server products, including one critical flaw that could leak information or allow an attacker to escalate privileges.
BMC firmware has been in the spotlight this year, due to several flaws that allow attackers to hijack cloud servers, as well as for vulnerabilities in big-brand server products that are difficult to patch.
BMCs, which are used by multiple hardware makers, are part of a subsystem that enables admins to manage and monitor systems outside the view of the host system’s CPU, firmware, and operating system.
Intel was the main proponent of the computer interface for this subsystem, known as the intelligent Platform Management Interface (IPMI), which allows admins to do things to a system remotely underneath the operating system and firmware layer.
In other words, BMCs are part of a powerful set of capabilities. However, hardware makers aren’t always careful about how they’re secured – and these are the types of bugs that military hackers would probably look for.
New attacks on firmware, which have higher privileges than the Windows kernel, was one reason Microsoft is launching new ‘Secured-core’ PCs.
This effort drew on lessons it learned from hackers trying to bypass digital-rights management (DRM) technologies it uses to protect Xbox content. Otherwise, attacks on BMC firmware are largely invisible to antivirus technologies such as Microsoft Defender.
Intel doesn’t offer much detail about the BMC firmware flaws affecting its server products, however it describes the critical flaw as a ‘Heap corruption’ bug in the Intel BMC firmware that “may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access”. It has a severity rating of 9 out of a possible 10.
Collectively, the 13 flaws affect a dizzying array of models from Intel’s Server Board, Compute Module, and Server System line of products. Dozens of models from each product line are affected.
Intel Server Boards that are affected, including model numbers BBS2600BPB, BBS2600BPQ, BBS2600BPS, BBS2600BPBR, BBS2600BPQR, BBS2600BPSR, S2600WF0, S2600WFQ, S2600WFT, S2600WF0R, S2600WFQR, S2600WFTR, S2600STB, S2600STQ, S2600STBR, S2600STQR, BBS2600STB, BBS2600STQ, BBS2600STBR, and BBS2600STQR.
Intel Compute Modules that are affected include model numbers HNS2600BPB, HNS2600BPQ, HNS2600BPS, HNS2600BPB24, HNS2600BPQ24, HNS2600BPS24, HNS2600BPBLC, HNS2600BPBLC24, HNS2600BPBR, HNS2600BPBRX, HPCHNS2600BPBR, HNS2600BPQR, HPCHNS2600BPQR, HNS2600BPSR, HPCHNS2600BPSR, HNS2600BPB24R, HNS2600BPB24RX, HNS2600BPQ24R, HNS2600BPS24R, HNS2600BPBLCR, HNS2600BPBLC24R, S9256WK1HLC, S9248WK1HLC, S9232WK1HLC, S9248WK2HLC, S9232WK2HLC, S9248WK2HAC, and S9232WK2HAC.
Intel Server Systems affected include R1304WF0YS, R1304WFTYS, R1208WFTYS, R2308WFTZS, R2208WF0ZS, R2208WFTZS, R2208WFQZS, R2312WF0NP, R2312WFTZS, R2312WFQZS, R2224WFQZS, R2224WFTZS, R1208WFTYSR, HPCR1208WFTYSR, R1304WF0YSR, HPCR1304WF0YSR, R1304WFTYSR, HPCR1304WFTYSR, R2208WFTZSR, R2208WFTZSRX, HPCR2208WFTZSR, HPCR2208WFTZSRX, R2208WF0ZSR, HPCR2208WF0ZSR, R2224WFTZSR, HPCR2224WFTZSR, R2308WFTZSR, HPCR2308WFTZSR, R2312WFTZSR, HPCR2312WFTZSR, R2312WF0NPR, HPCR2312WF0NPR, R2208WFQZSR, HPCR2208WFQZSR, R1208WFQYSR, and HPCR1208WFQYSR.
Intel says the flaws “were found internally by Intel”, but it thanks Daniel Medina Velazquez for finding the critical flaw that is tracked as CVE-2019-11171.
To address the issue, Intel recommends users of its BMC firmware update to version 2.18 or later.