Intel Platform Update (IPU) Update 2024.3, August 2024
More Information:
Security Advisories that affect BIOS:
- INTEL-SA-01038 – 2024.2 IPU - Intel® Core™ Ultra Processor Stream Cache Advisory
- Summary: A potential security vulnerability in the Intel® Core™ Ultra Processor stream cache mechanism may allow escalation of privilege. Intel is releasing microcode updates to mitigate this potential vulnerability.
- Severity: High
- INTEL-SA-01046 – 2024.2 IPU - Intel® Processor Stream Cache Advisory
- Summary: A potential security vulnerability in some Intel® Processor stream cache mechanisms may allow escalation of privilege. Intel is releasing microcode updates to mitigate this potential vulnerability.
- Severity: High
- INTEL-SA-00999 – 2024.3 IPU - Intel® Chipset Firmware Advisory
- Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Active Management Technology (AMT), Intel® Standard Manageability, Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
- Severity: Medium
- INTEL-SA-01083 – 2024.3 IPU - SMI Transfer Monitor Advisory
- Summary: A potential security vulnerability in SMI Transfer monitor (STM) may allow escalation of privilege. Intel is releasing microcode updates to mitigate this potential vulnerability.
- Severity: High
- INTEL-SA-01100 – 2024.3 IPU - Intel® Xeon® Processor Advisory
- Summary: A potential security vulnerability in some 3rd, 4th, and 5th Generation Intel® Xeon® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.
- Severity: Medium
- INTEL-SA-01118 – 2024.3 IPU - 3rd Generation Intel® Xeon® Scalable Processor Advisory
- Summary: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- Severity: Medium
- INTEL-SA-01103 – 2024.3 IPU - Intel® Processor RAPL Interface Advisory
- Summary: A potential security vulnerability in the Running Average Power Limit (RAPL) interface for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
- Severity: Medium
Addendum to INTEL-SA-01103
Advisory Overview
Security Vulnerability in Intel RAPL Interface (CVE-2024-23984) – Supermicro has been made aware of a potential security vulnerability affecting Intel processors, identified as CVE-2024-23984. This vulnerability resides in the Running Average Power Limit (RAPL) interface, which may allow an authenticated local user to escalate privileges or disclose sensitive information by reading energy usage data.
Affected Products
This issue impacts Supermicro motherboards powered by certain Intel Xeon® processors across the X12 and X13 product families. Supermicro has collaborated with Intel to provide mitigation strategies to address this vulnerability.
Mitigation and Workarounds
After a detailed investigation we confirmed that mitigation for this issue requires both the 2024.3 IPU and the relevant Linux OS patch: Running Average Power Limit Energy Reporting
- Apply OS Linux patch to the Linux systems
- Apply microcode patch to all systems with Intel SGX enabled
Affected Platforms and BIOS version numbers that contain the fix:
| X13-Catlow | BIOS version that contains the fix |
|---|---|
| X13SCL-IF | v 2.0 |
| X13SCL-F | v 2.0 |
| X13SCH | v 2.0 |
| X13SCD-F | v 2.0 |
| X13SCW | v 2.0 |
| B4SC1 | v 2.0 |
| X12-Cedar Island | BIOS version that contains the fix |
|---|---|
| X12QCH+ | v 2.0 |
| X13-Eagle Stream | BIOS version that contains the fix |
|---|---|
| X13DEH | v 2.4 |
| X13DEG-OAD | v 2.4 |
| X13DEG-OA | v 2.4 |
| X13DGU | v 2.4 |
| X13QEH+ | v 2.4 |
| X13DAi-T | v 2.4 |
| X13DDW | v 2.4 |
| B13DEE | v 2.4 |
| B13DET | v 2.4 |
| B13SEE-CPU-25G | v 2.4 |
| B13SEG | v 2.4 |
| X13DEG-M | v 2.4 |
| X13DEG-QT | v 2.4 |
| X13DEG-R | v 2.4 |
| X13DEG-PVC | v 2.4 |
| X13DEi(-T) | v 2.4 |
| X13DEM | v 2.4 |
| X13DET-B | v 2.4 |
| X13DSF-A | v 2.4 |
| X13SEDW-F | v 2.4 |
| X13SEED-F/SF | v 2.4 |
| X13SEFR-A | v 2.4 |
| X13SEI-TF/-F | v 2.4 |
| X13SEM-TF | v 2.4 |
| X13SET-G/-GC | v 2.4 |
| X13SET-PT | v 2.4 |
| X13SEVR-SP13F | v 2.4 |
| X13SEW | v 2.4 |
| X13SEW-TF-OS1 | v 2.4 |
| X13OEi | v 2.4 |
| X11-Greenlow refresh Server | BIOS version that contains the fix |
|---|---|
| X11SSD-F | v 3.4 |
| X11SSH-(C)TF | v 3.4 |
| X11SSH-(LN4)F | v 3.4 |
| X11SSL(-F) | v 3.4 |
| X11SSL-C/nF | v 3.4 |
| X11SSM(-F) | v 3.4 |
| X11SSW-(4)TF | v 3.4 |
| X11SSW-F | v 3.4 |
| X11SSA-F/X11SSi-LN4F | v 3.4 |
| X11SSE-F | v 3.4 |
| X11SSH-G(T)F-1585(L) | v 3.4 |
| X11SSV-M4F | v 3.4 |
| B2SS2-F | v 3.4 |
| B2SS2-CPU/-(C)F | v 3.4 |
| B2SS1/2(-H)-MTF | v 3.4 |
| X12-Idaville | BIOS version that contains the fix |
|---|---|
| X12SDV-SPT4F | v 1.8 |
| X12SDV-SP6F | v 1.8 |
| X12SDV-SPT8F | v 1.8 |
| B3SD1 | v 1.8 |
| X11-Mehlow Server | BIOS version that contains the fix |
|---|---|
| X11SCW | v 2.5 |
| X11SCD | v 2.5 |
| X11SCM | v 2.5 |
| X11SCL-LN4F | v 2.5 |
| X11SCE | v 2.5 |
| X11SCH | v 2.5 |
| X11SCL-F | v 2.5 |
| X11SCL | v 2.5 |
| X11-Mehlow Workstation | BIOS version that contains the fix |
|---|---|
| X11SCA-F | v 2.6 |
| X11SCQ/L | v 2.6 |
| X11SCV-Q/L | v 2.6 |
| X11SCZ-F/Q | v 2.6 |
| B2SC1 | v 2.6 |
| B2SC2 | v 2.6 |
| B11SCG-CTF | v 2.6 |
| B11SCG-ZTF | v 2.6 |
| X13-Raptor Lake | BIOS version that contains the fix |
|---|---|
| X13SRN-H/-E/-WOHS | v 3.3 |
| X12-Tatlow | BIOS version that contains the fix |
|---|---|
| X12STW | v 2.1 |
| X12STH | v 2.1 |
| X12STD | v 2.1 |
| X12STE | v 2.1 |
| X12STL-IF | v 2.1 |
| X12STL-F | v 2.1 |
| B3ST1 | v 2.1 |
| X12-Tiger Lake | BIOS version that contains the fix |
|---|---|
| X12STN | v 1.8 |
| X11-Whiskey Lake | BIOS version that contains the fix |
|---|---|
| X11SWN | v 2.1 |
| X12-Whitley | BIOS version that contains the fix |
|---|---|
| B12DPE-6 | v 2.1 |
| B12DPT-6 | v 2.1 |
| B12SPE-CPU | v 2.1 |
| X12DAi-N6 | v 2.1 |
| X12DGO-6 | v 2.1 |
| X12DGQ-R | v 2.1 |
| X12DPG-AR | v 2.1 |
| X12DPG-OA6 | v 2.1 |
| X12DPG-OA6-GD2 | v 2.1 |
| X12DPG-QR | v 2.1 |
| X12DPG-QBT6 | v 2.1 |
| X12DPG-QT6 | v 2.1 |
| X12DPG-U6 | v 2.1 |
| X12DPi-N(T)6 | v 2.1 |
| X12DPL-i6/NT6 | v 2.1 |
| X12DDW-A6 | v 2.1 |
| X12DGU | v 2.1 |
| X12DHM-6 | v 2.1 |
| X12DPD-A/AM25 | v 2.1 |
| X12DPFR-AN6 | v 2.1 |
| X12DPT-B6 | v 2.1 |
| X12DPT-PT6/-PT46 | v 2.1 |
| X12DPU-6 | v 2.1 |
| X12DSC-6 | v 2.1 |
| X12DSC-A6 | v 2.1 |
| X12SPO-(NT)F | v 2.1 |
| X12SPM Series | v 2.1 |
| X12SPW-(T)F, X12SPW-(T)F | v 2.1 |
| X12SPL-LN4F | v 2.1 |
| X12SPZ-SPLN6F/LN4F | v 2.1 |
| X12SPi-TF | v 2.1 |
| X12SPA-TF | v 2.1 |
| X12SPED-F | v 2.1 |
| X12SPG-NF | v 2.1 |
| X12SPT-PT | v 2.1 |
| X12SPT-G | v 2.1 |
| X12DPi | v 2.1 |
| X11-Purley Refresh | BIOS version that contains the fix |
|---|---|
| X11SPi-TF | v 4.4 |
| X11SPG-TF | v 4.4 |
| X11SPH-nCT(P)F | v 4.4 |
| X11SPL-F | v 4.4 |
| X11SPM-(T)F/TPF | v 4.4 |
| X11SPW-(C)TF | v 4.4 |
| X11DPi-N/NT/Ni | v 4.4 |
| X11DAi-N | v 4.4 |
| X11DGQ-R | v 4.4 |
| X11DPG-HGX2 | v 4.4 |
| X11DPG-OT | v 4.4 |
| X11DPS-RE | v 4.4 |
| X11DAC | v 4.4 |
| X11DGO | v 4.4 |
| X11QPH+ | v 4.4 |
| X11QPL | v 4.4 |
| X11OPi | v 4.4 |
| B11DPT | v 4.4 |
| B11DPE | v 4.4 |
| B11QPI/-T | v 4.4 |
| X11DPD-L/M25 | v 4.4 |
| X11DPG-QT (32MB) | v 4.4 |
| X11DPG-QT (64MB) | v 4.4 |
| X11DPL-i | v 4.4 |
| X11DPU | v 4.4 |
| X11DPU-V | v 4.4 |
| X11DPU-R | v 4.4 |
| X11DPX-T | v 4.4 |
| X11DSC+ | v 4.4 |
| X11DDW-L/N(T) | v 4.4 |
| X11DPFF-SN | v 4.4 |
| X11DPFR-S(N) | v 4.4 |
| X11DPH-T(Q)(F) | v 4.4 |
| X11DPT-B | v 4.4 |
| X11DPT-PS | v 4.4 |
| X11DPU-Z+ | v 4.4 |
| B11SPE | v 4.4 |
| X13-Alder Lake | BIOS version that contains the fix |
|---|---|
| B4SA1-CPU | v 3.3 |
| X13SAE | v 3.3 |
| X13SAE-F | v 3.3 |
| X13SAN-H/-E/-L/-C | v 3.3 |
| X13SAQ | v 3.3 |
| X13SAV-LVDS | v 3.3 |
| X13SAV-PS | v 3.3 |
| X13SAZ-F | v 3.3 |
| X13SAZ-Q | v 3.3 |
| X12/C9-Comet Lake | BIOS version that contains the fix |
|---|---|
| X12SAE/X12SCA-F | v 3.1 |
| X12SCQ | v 3.1 |
| X12SCV-LVDS | v 3.1 |
| X12SCV-W | v 3.1 |
| X12SCZ-TLN4F/QF/F | v 3.1 |
| C9Z490-PGW | v 3.1 |
| X12/C9-Rocket Lake | BIOS version that contains the fix |
|---|---|
| X12SAE-5 | v 1.7 |
| X12SCA-5F | v 1.7 |
| C9Z590-CG(W) | v 1.7 |