HPE Community
Servers - General
1820473 Members
3302 Online
109624 Solutions
New Discussion юеВ

Buffer overflow in BIOS for proliant Gen10

 
itsequans
Visitor

тАО02-16-2023 06:26 AM - last edited on тАО02-23-2023 08:08 PM by

тАО02-16-2023 06:26 AM - last edited on тАО02-23-2023 08:08 PM by

Buffer overflow in BIOS for proliant Gen10

Did you know that it looks like to exist a buffer overflow in Proliant Gen10 servers over UEFI ?

When you set a boot option and the UEFI device path is longer than 256 characters, once this option is enabled, you enter a buffer overflow making the BIOS corrupted, and having the ILO card unable to communicate longer with the motherboard and the BIOS unable to communicate too with the power management. Sometimes you can aloso crash the BIOS at the boot and get a strange red screen similar to the famous Microosoift blue screen.

The only solution in such situation is to hard reset the BIOS with a jumper directly on the motherboard

0 Kudos
Reply
2 REPLIES 2
support_s
System Recommended

тАО02-16-2023 07:27 AM

тАО02-16-2023 07:27 AM

Query: Buffer overflow in BIOS for proliant Gen10

System recommended content:

1. HPESBHF04211 rev.1 - HPE Gen10 and Gen10 Plus Servers Using Integrated Lights-Out 5 (iLO 5), Remote Buffer Overflow

2. HPESBHF04133 rev.2 - HPE ProLiant Servers, Apollo Products, Moonshot and Edgeline Blades, and Storage Products with Integrated Lights-Out 5 (iLO 5), Multiple Remote and Local Vulnerabilities

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a HPE valuable community member.


Accept or Kudo

0 Kudos
Reply
Suman_1978
HPE Pro

тАО02-20-2023 09:02 PM

тАО02-20-2023 09:02 PM

Re: Buffer overflow in BIOS for proliant Gen10

Hi,

Please check if the issue you are referring to is mentioned in the bulletin.

HPESBHF04192 rev.2 - HPE ProLiant and ProLiant Server Blades, Apollo, and Synergy Gen10 and Gen10 Plus Servers, Multiple Local Vulnerabilities in UEFI BIOS

HPESBHF04211 rev.1 - HPE Gen10 and Gen10 Plus Servers Using Integrated Lights-Out 5 (iLO 5), Remote Buffer Overflow

To report a potential security vulnerability for any HPE supported product:
Web Form: https://www.hpe.com/info/report-security-vulnerability

Thank You!
I work with HPE but opinions expressed here are mine.
Recent Support Video Releases



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.