A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/04/19

Date of First Release: 19th April 2024

Source: Hewlett Packard Enterprise (HPE)

Software Affected: HPE Compute Scale-up Server 3200, HPE Superdome Flex 280 Server and HPE Superdome Flex Server

Overview:

Three HPE products are affected by the critical vulnerability. The vulnerability may allow an attacker to execute arbitrary code with root privilege on the affected system.

Description:

Compute Scale-up Server 3200, Superdome Flex 280 Server and Superdome Flex Server the products by HPE are affected by the 9.8 rating score vulnerability resulting from mishandling caused by CommBuffer checks. The CommBuffer checks currently implemented in SmmEntryPoint do not detect situations where there is an underflow in the computation of BufferSize. Exploitation of this vulnerability could allow the attacker to overwrite SMM memory leading to execution of arbitrary code with privilege elevation.

Impact:

Successful exploitation of this vulnerability may allow an unauthenticated attacker to take control of the affected system.

Solution:

HP has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04633en_us&docLocale=en_US
  2. https://www.cvedetails.com/cve/CVE-2021-38578

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …