SB2023053018 - Multiple vulnerabilities in HPE Cray EX235a Accelerator Blade

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2021-46769)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient syscall validation in the ASP Bootloader. A local privileged user can execute arbitrary DMA copies and escalate privileges on the system.

2) Buffer overflow (CVE-ID: CVE-2021-26354)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in ASP. A malicious process can issue a system call from a compromised ABL, which can cause arbitrary memory values to be initialized to zero, leading to loss of integrity and a potential crash.

3) Memory leak (CVE-ID: CVE-2021-26371)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak. A compromised or malicious ABL or UApp can send a SHA256 system call to the bootloader and expose ASP memory to userspace.

4) Input validation error (CVE-ID: CVE-2021-26379)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient input validation of mailbox data in the SMU. A local user can coerce the SMU to corrupt SMRAM and execute arbitrary code with elevated privileges.

5) Out-of-bounds write (CVE-ID: CVE-2021-46763)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the SMU. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

6) Input validation error (CVE-ID: CVE-2021-46756)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader. A local user with a malicious Uapp or ABL can send malformed or invalid syscall to the bootloader and perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2021-46775)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ABL. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

8) Input validation error (CVE-ID: CVE-2021-46764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation of DRAM addresses in SMU. A local user can overwrite sensitive memory locations within the ASP and perform a denial of service (DoS) attack.

9) Stack-based buffer overflow (CVE-ID: CVE-2023-20520)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ASP Bootloader. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

10) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-26356)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in ASP bootloader. A local user can tamper with the SPI ROM, corrupt S3 data and gain access to sensitive information.

11) Buffer overflow (CVE-ID: CVE-2021-46762)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SMU. A local user can corrupt SMU SRAM and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04455en_us