"Vulnerabilities in PMBus Can Brick Server Boards"

Researchers in the UK have discovered vulnerabilities in the Power Management Bus (PMBus) for processors that can render server boards inoperable. Zitai Chen and David Oswald of the University of Birmingham identified the PMFault vulnerabilities in the widely used Supermicro X11SSL motherboard. It can be remotely activated to cause an over-voltage on the CPU and "brick" the board. The I2C-based PMBus connects the voltage regulators used for power management on server boards to the CPU and the separate Baseboard Management Controller (BMC). Software vulnerabilities in the BMC or other processors with PMBus access can be remotely exploited to get access to the PMBus and later execute hardware-based fault injection attacks on the main CPU. The vulnerabilities involve insecure firmware encryption and signing processes, as well as a lack of authentication for the firmware upgrade process and the IPMI KCS control interface. The underlying weaknesses also include a motherboard design in which the PMBus is, by default, connected to the BMC and SMBus. The researchers began demonstrating that providing an under-voltage through the PMBus enables breaking the integrity guarantees of SGX enclaves, bypassing Intel's countermeasures against previous undervolting attacks such as Plundervolt/V0ltPwn. They then experimented with an over-voltage outside of the specified range, which can permanently damage Intel Xeon CPUs and leave the server useless. These can be executed by a software adversary with elevated privileges. They do not require physical access to the server motherboard or knowledge of the BMC login credentials. Hardware-level analysis of the VRM voltage regulator interface reveals that the PMBus can be used to control the CPU voltage. This article continues to discuss the potential exploitation and impact of the vulnerabilities found in the PMBus. 

eeNews Power reports "Vulnerabilities in PMBus Can Brick Server Boards"