BSA-2019-785

Brocade Fabric OS

21646

16 April 2019

16 April 2019

Closed

Low

9.8

N/A

CVE-2019-6260

Summary

Security Advisory ID : BSA-2019-785

Component : BMC/IPMI

Revision : 1.0: Initial


The ASPEED AST2400 and AST2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console UART is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. More at: https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/

Products Confirmed Not Vulnerable

Brocade hardware does not support the impacted components.

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Note: Brocade Manageability products are not vulnerable to the Baseboard Management Controller (BMC) security vulnerabilities affecting systems that use the ASPEED AST2400 and AST2500 system-on-chips (SoCs). However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the recommendations from the vendors of that environment.
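
To decide whether a server that hosts these products falls under the vendor guidance, an administrator can inventory it for an ASPEED BMC. The following is an added example, not part of the Broadcom advisory or any vendor tool: it parses `lspci -n` output for the ASPEED VGA function (PCI ID 1a03:2000) and, as an assumption taken from the Linux `ast` driver's chip detection, maps the PCI revision to a chip generation. The function name and sample lines are constructed for illustration.

```python
import re
import subprocess
import sys

ASPEED_VENDOR = 0x1A03  # PCI vendor ID of ASPEED Technology
ASPEED_VGA = 0x2000     # "ASPEED Graphics Family" VGA function seen by the host

# Assumption: revision floors follow the Linux "ast" DRM driver's chip detection.
GENERATIONS = [(0x50, "AST2600 or later"), (0x40, "AST2500"), (0x30, "AST2400")]

# One `lspci -n` line: slot, class, vendor:device, optional "(rev xx)".
LINE = re.compile(
    r"^(?P<slot>\S+)\s+[0-9a-f]{4}:\s+"
    r"(?P<ven>[0-9a-f]{4}):(?P<dev>[0-9a-f]{4})(?:\s+\(rev (?P<rev>[0-9a-f]{2})\))?",
    re.I)

def find_aspeed_bmcs(lspci_n_output):
    """Return [(slot, generation, in_advisory_scope)] for ASPEED VGA functions."""
    hits = []
    for line in lspci_n_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if (int(m["ven"], 16), int(m["dev"], 16)) != (ASPEED_VENDOR, ASPEED_VGA):
            continue
        gen = "unknown"
        if m["rev"]:
            rev = int(m["rev"], 16)
            gen = next((n for floor, n in GENERATIONS if rev >= floor), "pre-AST2400")
        # A missing revision cannot rule the host out, so it stays in scope.
        hits.append((m["slot"], gen, gen in ("AST2400", "AST2500", "unknown")))
    return hits

# Constructed sample in `lspci -n` format (not captured from a real system).
SAMPLE = """\
00:1f.2 0106: 8086:8c02 (rev 05)
03:00.0 0300: 1a03:2000 (rev 30)
"""

if __name__ == "__main__":
    # Read piped output if present, otherwise query the local host.
    text = sys.stdin.read() if not sys.stdin.isatty() else subprocess.run(
        ["lspci", "-n"], capture_output=True, text=True, check=True).stdout
    for slot, gen, in_scope in find_aspeed_bmcs(text):
        action = "apply server vendor guidance for CVE-2019-6260" if in_scope \
            else "outside the AST2400/AST2500 scope of this advisory"
        print(f"{slot}: ASPEED BMC VGA function ({gen}): {action}")
```

A match only identifies the BMC family; whether the bridges are still enabled depends on the server vendor's BMC firmware and configuration. A host whose BMC VGA function is disabled will not appear in this output, so an empty result is not proof that no ASPEED BMC is present.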
 

Revision History

Version   Change                Date
1.0       Initial Publication   April 16, 2019