Researchers in the UK have identified vulnerabilities in the power management bus (PMbus) for processors that can disable server boards.
The vulnerability, dubbed PMFault, was discovered by Zitai Chen and Prof David Oswald at the University of Birmingham in the widely used Supermicro X11SSL motherboard (above). It can be activated remotely to provide an over-voltage to the CPU, ‘bricking’ the board.
- Researchers find new security vulnerabilities in Intel processors
- Major security vulnerabilities found in DRAM
- CAN FD vulnerability threatens vehicle security
The voltage regulators used for power management on the server boards are connected to the CPU and the separate Baseboard Management Controller (BMC) via the I2C-based PMBus.
Remotely exploitable software weaknesses in the BMC or other processors with PMBus access can be used to access the PMBus and then perform hardware-based fault injection attacks on the main CPU.
The underlying weaknesses include insecure firmware encryption and signing mechanisms, a lack of authentication for the firmware upgrade process and the IPMI KCS control interface, as well as the motherboard design where the PMBus is connected to the BMC and SMBus by default.
The researchers started off showing that providing an undervoltage through the PMBus allows breaking the integrity guarantees of SGX enclaves, bypassing Intel’s countermeasures against previous undervolting attacks like Plundervolt/V0ltPwn.
Then they conducted experiments with an overvoltage outside the specified range has the potential of permanently damaging Intel Xeon CPUs, rendering the server inoperable. These can be carried out by a privileged software adversary and do not require physical access to the server motherboard or knowledge of the BMC login credentials.
Analysing the VRM voltage regulator interface at the hardware level shows that the PMBus can be used to control the CPU voltage.
To determine if the vulnerabilities can affect other server motherboards, the team also investigated the PMBus connections and usage on an ASRock E3C246D4I-2T and a Supermicro X12DPi-NT6.
The BMC firmware can also be exploited to send arbitrary PMBus commands to control the voltage of the CPU. Through several software vulnerabilities in the BMC, including incorrect firmware encryption and signing mechanisms, a lack of authentication for firmware upgrades and control interfaces, an attacker can manipulate the CPU voltage remotely because the PMBus is connected to the BMC and the System Management Bus (SMBus) by default.
As the BMC has an independent, external flash chip for its firmware, SGX attestation currently does not have the ability to verify its status. Crucially, because the software voltage-control interface in Model Specific Register (MSR) 0x150 is not used, Intel’s fix for the uldervolting vulnerability, CVE-2019-11157, does not address this attack.
Then there is the overvolting attack. By sending a certain sequence of PMBus commands, the researchers set the CPU voltage outside the specification, as high as 2.84 V, and permanently brick the Xeon CPU used on the board.
The team has disclosed the issues to Supermicro and they looked at possible countermeasures at different levels. These include a PMBusDetect tool for detecting if the VRM is connected to the PMBus. The mitigations had already been implemented on the X12 generation server boards.
The details of the experiments and source code can be found at: https://github.com/ zt-chen/PMFault and the common vulnerabilities and exposures (CVE) number CVE-2022-43309 has been reserved for PMFault.