PT-2023-2915 · Supermicro · Supermicro X11Sse-F

Published 2023-01-15 · Updated 2023-05-16 · CVE-2022-43309

CVSS v2.0

6.2 Medium

Vector

AV:L/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware version 1.63

Description

The issue is related to the PMBus interface of the VRM module in Supermicro BMC controllers, where there is an incorrect assignment of permissions for a critical resource. Exploitation of this issue can allow an attacker to physically disable the CPU without the possibility of subsequent recovery. Researchers from the University of Birmingham discovered this vulnerability, which has been named PMFault, and it can be used to damage servers without physical access but with privileged access to the operating system.

Recommendations

For Supermicro X11SSL-CF HW Rev 1.01, BMC firmware version 1.63, update the firmware to a version that contains the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2023-02883
CVE-2022-43309

Affected Products

Supermicro X11Sse-F