SOLVED SuperMicro fix for CVE-2019-6260

[blanchet]

CVE-2019-6260 is a serious vulnerability of the Baseband Management Controllers (BMC) ASPEED AST2400 and AST2500.
These chip are found in many SuperMicro motherboards that are very popular to build FreeNAS servers.
Fortunately, SuperMicro has released new BMC firmwares to address this flaw.

You may be interested by these new firmware, if you own a SuperMicro motherboard in the following generations:
X9, X10, X11, H8, H11, H12

 

[seanm]

SuperMicro's BIOS update instructions require creating a bootable DOS USB stick! How quaint. :)

Anyone know if using FreeDOS works? Otherwise where does one get DOS these days?!

 

[droeders]

SuperMicro's BIOS update instructions require creating a bootable DOS USB stick! How quaint. :)

Anyone know if using FreeDOS works? Otherwise where does one get DOS these days?!

I use FreeDOS to update the BIOS on my SM boards all the time. Mine are X11 series and Xeon-D.

 

[hervon]

Updated my X9SCM-F to bios 2.3 with FreeDOS (rufus) without issue.

 

[seanm]

Thanks. I succeed using Rufus to make a FreeDOS boot disk. Successfully upgraded my X10 based system from BIOS 3.1 to 3.1c.

 

[Yorick]

BIOS settings will be reset by the upgrade. If you customized for M.2 boot or power-loss, you'll need to redo those after the update.

And you'll need to switch to Dual or BIOS boot for the upgrade, then switch back to UEFI after, assuming FreeNAS is installed as UEFI boot.

 

[seanm]

Hmmm, I personally never touched any BIOS settings, but I wonder if iX does some BIOS configs on the systems they sell. In my case at least, any settings that got reset haven't changed any behaviour I can discern.

 

[Yorick]

The three settings I mentioned are the only ones I touched.
- UEFI-only boot
- AMI Native so it'll boot off the M.2 NVMe drive
- Power On instead of Last State so it'll survive a power failure

Last State should work but doesn't, not sure why. It's an easy enough change, FreeNAS is "Always On" anyway.