BSA-2019-785
21646
16 April 2019
16 April 2019
Closed
Low
9.8
N/A
CVE-2019-6260
Summary
Security Advisory ID: BSA-2019-785
Component: BMC/IPMI
Revision: 1.0: Initial
The ASPEED ast2400 and ast2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console UART is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. More at: https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/
Products Confirmed Not Vulnerable
Brocade hardware does not support the impacted components.
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Note: Brocade Manageability products are not vulnerable to the Baseboard Management Controller (BMC) security vulnerabilities affecting systems that use the ASPEED AST2400 and AST2500 system-on-chips (SoCs). However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the recommendations from the vendors.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | April 16, 2019 |