OpenBMC on PantsDown

Re: https://firmwaresecurity.com/2019/01/22/cve-2019-6260-pantsdown-gaining-control-of-bmc-from-the-host-processor/

[…]Solution: The mitigations are in the 2.6 level of OpenBMC for all supported SPEED-based platforms. The complete solution is platform dependent because it can involve patching both the BMC firmware and the host firmware. For example, disabling the iLPC2AHB bridge can be a bit of a finicky process. The host platform’s operating system may be impacted when the P2A bridge is disabled. The solution may require an updated ASPEED video driver. See Linux commit 71f677a.[…]

https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/11164

https://github.com/openbmc/openbmc/issues/3475

CVE-2019-6260: PantsDown: Gaining control of BMC from the host processor

CVE-2019-6260: Gaining control of BMC from the host processor
Posted on 23/01/2019 by Stewart Smith

This is details for CVE-2019-6260 – which has been nicknamed “pantsdown” due to the nature of feeling that we feel that we’ve “caught chunks of the industry with their…” and combined with the fact that naming things is hard, so if you pick a bad name somebody would have to come up with a better one before we publish.

I expect OpenBMC to have a statement shortly.[…]

https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260-gaining-control-of-bmc-from-the-host-processor/