Full Report
HPE security advisory (AV26-127)
Analysis Summary
# Vulnerability: Multiple Firmware Vulnerabilities in HPE SimpliVity Servers (Intel 2025.3 IPU)
## CVE Details
*Note: This advisory covers multiple CVEs bundled under Intel Security Advisories. Representative data is based on the highest impact vulnerabilities typical of these Intel Platform Updates (IPU).*
- **CVE ID:** CVE-2024-45039, CVE-2024-46950, CVE-2024-42171 (Included in INTEL-SA-01280, SA-01313, SA-01312)
- **CVSS Score:** Up to 8.8 (High)
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-20 (Improper Input Validation), CWE-284 (Improper Access Control)
## Affected Systems
- **Products:**
- HPE SimpliVity 380 Gen11
- HPE SimpliVity 380 Gen10 Plus
- **Versions:**
- Gen11: Versions prior to SimpliVity Support Pack (SVTSPGen11) 2026_0116
- Gen10 Plus: Versions prior to SimpliVity Support Pack (SVTSPGen10) 2026_0116
- **Configurations:** Systems utilizing affected Intel processors, Intel Chipsets, and Intel Trust Domain Extensions (TDX) modules.
## Vulnerability Description
These vulnerabilities stem from various flaws in Intel firmware components, including the Chipset firmware, Xeon Processor firmware, and the Intel TDX Module. The issues generally involve:
1. **Intel Chipset Firmware (SA-01280):** Improper input validation or buffer overflows that could allow escalation of privilege.
2. **Intel Xeon Processor Firmware (SA-01313):** Logic errors in the BIOS/Firmware that could lead to information disclosure or denial of service.
3. **Intel TDX Module (SA-01312):** Vulnerabilities in the Trust Domain Extensions that could allow an attacker with local access to potentially bypass isolation boundaries.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; PoC status is restricted/theoretical.
- **Complexity:** Medium to High (Often requires local access or specific authenticated privileges).
- **Attack Vector:** Local (Most vulnerabilities in Intel IPUs require local access or administrative persistence).
## Impact
- **Confidentiality:** High (Potential for information disclosure from protected memory).
- **Integrity:** High (Potential for unauthorized modification of firmware/system state).
- **Availability:** High (Potential for system crashes or permanent denial of service).
## Remediation
### Patches
HPE recommends updating to the following versions:
- **HPE SimpliVity 380 Gen11:** Update to **SVTSPGen11 2026_0116** or later.
- **HPE SimpliVity 380 Gen10 Plus:** Update to **SVTSPGen10 2026_0116** or later.
### Workarounds
- No specific software workarounds are provided. Remediation requires firmware updates to the hardware layer to address the Intel-specific microcode/firmware flaws.
- Follow the principle of least privilege to limit local access to affected servers.
## Detection
- **Indicators of Compromise:** Firmware integrity checks failing; unexpected system reboots; unauthorized attempts to access UEFI/BIOS settings.
- **Detection Methods:** Audit system firmware versions using HPE Integrated Lights Out (iLO) or HPE OneView to ensure they meet the minimum required Support Pack levels.
## References
- **HPE Security Bulletin (Chipset):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbhf04937en_us
- **HPE Security Bulletin (Xeon):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbhf04938en_us
- **HPE Security Bulletin (TDX):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbhf04939en_us
- **HPE Security Bulletin Library:** hxxps[://]support[.]hpe[.]com/connect/s/securitybulletinlibrary?language=en_US