Out-of-Bounds Write Vulnerability in HPE ProLiant DL/ML/SY/XL and Alletra Servers, (CVE-2021-38578)

Published On: Aug 16, 2024 18:36

Advisory No: TZCERT-SA-24-0008

Source: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server

Software Affected: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server

Overview

HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, and HPE Compute Edge Server are vulnerable to critical severity vulnerability. The attackers can leverage the vulnerability to cause a buffer overflow.

Description

The critical-severity vulnerability affecting several HP products has a CVSS score of 9.8 and is tracked as CVE-2021-38578. The vulnerability results from existing CommBuffer checks in SmmEntryPoint not catching underflow when computing BufferSize. Successful exploitation of this vulnerability could allow the attacker to cause a buffer overflow which may lead to code execution of the affected device.

Impact

Successful exploitation of this vulnerability may allow an attacker to take control of the vulnerable system

Solution

HP has released security patches to address the vulnerability. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident