Cyber Posture

CVE-2024-10238

High

Published: 04 February 2025

Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-10238 is a high-severity stack-based buffer overflow (CWE-121) in the Supermicro MBD-X12DPG-OA6 (product inferred from references). Its CVSS base score is 7.2 (High).

Operationally, its EPSS score of 0.0011 places it at the 28.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Timely remediation via Supermicro firmware patches directly fixes the stack overflow in the image verification implementation.

prevent: Input validation of firmware image fields like fld->used_bytes prevents specially crafted images from triggering the buffer overflow.

prevent: Memory protection mechanisms such as stack canaries mitigate exploitation of the stack-based buffer overflow vulnerability.

NVD Description

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, which is caused by not checking fld->used_bytes.

Deeper analysis

CVE-2024-10238 is a stack-based buffer overflow vulnerability (CWE-121) in the firmware image verification implementation of the Supermicro MBD-X12DPG-OA6 motherboard. The issue arises from a failure to check the fld->used_bytes value, allowing a specially crafted firmware image to trigger the overflow. Published on February 4, 2025, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with high privileges (PR:H), such as an administrator with access to the system's firmware update mechanisms, can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). By uploading a maliciously crafted firmware image, the attacker can trigger the stack overflow, potentially achieving high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) within the unchanged scope (S:U), such as arbitrary code execution or full system compromise on the affected Supermicro motherboard.
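The defect class described above, as an added illustration that is not Supermicro's code: a hypothetical field header (a 32-bit little-endian length named used_bytes, the only name taken from the advisory, followed by that many payload bytes) is parsed into a fixed-size stack buffer. The unchecked copy trusts the length from the image; the hardened form validates it against both the destination buffer and the bytes remaining in the image, which is the SI-10 input-validation control listed under Mitigating Controls. The buffer size, layout and sample images are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Capacity of the fixed stack buffer the verifier copies a field into.
 * Constructed for this example; the real firmware's sizes are not public. */
#define FIELD_BUF_SIZE 64

/* Hypothetical parsed field: a 32-bit little-endian length followed by
 * that many payload bytes. Only the name used_bytes comes from the advisory. */
struct fw_field {
    uint32_t used_bytes;
    const uint8_t *data;
};

/* Read the field header at offset `off`. Returns 0, or -1 if the four
 * length bytes themselves are not inside the image. */
static int read_field(const uint8_t *image, size_t image_len, size_t off,
                      struct fw_field *fld)
{
    if (off > image_len || image_len - off < 4)
        return -1;
    const uint8_t *p = image + off;
    fld->used_bytes = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                      ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    fld->data = p + 4;
    return 0;
}

/* Byte-sum stand-in for "verification" so each function returns a checkable
 * value; a real verifier would hash the field or check a signature. */
static int byte_sum(const uint8_t *buf, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += buf[i];
    return (int)(sum & 0xff);
}

/* The defect class behind CVE-2024-10238: used_bytes is trusted as the copy
 * length into a fixed stack buffer. Kept only for contrast; an image with
 * used_bytes > FIELD_BUF_SIZE would smash the stack here. */
static int verify_field_unchecked(const struct fw_field *fld)
{
    uint8_t buf[FIELD_BUF_SIZE];
    memcpy(buf, fld->data, fld->used_bytes);
    return byte_sum(buf, fld->used_bytes);
}

/* Hardened form: used_bytes is validated against the destination capacity
 * (stops the stack overflow) and against the bytes remaining in the image
 * (stops an out-of-bounds read on a truncated image). Returns -1 on rejection. */
static int verify_field_checked(const struct fw_field *fld,
                                const uint8_t *image, size_t image_len)
{
    uint8_t buf[FIELD_BUF_SIZE];
    size_t remaining = (size_t)((image + image_len) - fld->data);

    if (fld->used_bytes > sizeof buf)
        return -1;
    if (fld->used_bytes > remaining)
        return -1;
    memcpy(buf, fld->data, fld->used_bytes);
    return byte_sum(buf, fld->used_bytes);
}

/* Parse the first field of an image with the hardened verifier. */
int check_image(const uint8_t *image, size_t image_len)
{
    struct fw_field fld;
    if (read_field(image, image_len, 0, &fld) != 0)
        return -1;
    return verify_field_checked(&fld, image, image_len);
}

/* Constructed sample images (not real Supermicro firmware). */
/* 8 payload bytes summing to 36: accepted. */
const uint8_t BENIGN_IMAGE[] = { 8, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
/* used_bytes = 4096 with 4 payload bytes: would overflow the 64-byte buffer. */
const uint8_t OVERSIZED_IMAGE[] = { 0x00, 0x10, 0, 0, 0xAA, 0xBB, 0xCC, 0xDD };
/* used_bytes = 16 but only 4 payload bytes: fits the buffer, overruns the image. */
const uint8_t TRUNCATED_IMAGE[] = { 16, 0, 0, 0, 1, 2, 3, 4 };

int main(void)
{
    struct fw_field fld;
    read_field(BENIGN_IMAGE, sizeof BENIGN_IMAGE, 0, &fld);
    printf("unchecked, benign input: %d\n", verify_field_unchecked(&fld));
    printf("checked, benign:         %d\n", check_image(BENIGN_IMAGE, sizeof BENIGN_IMAGE));
    printf("checked, oversized:      %d\n", check_image(OVERSIZED_IMAGE, sizeof OVERSIZED_IMAGE));
    printf("checked, truncated:      %d\n", check_image(TRUNCATED_IMAGE, sizeof TRUNCATED_IMAGE));
    return 0;
}
```

Both functions agree on well-formed input; the difference only shows when the length field lies. The second check (against the image's remaining bytes) is not the advisory's stated defect, but a length field that is validated against the destination and not the source still lets a truncated image drive an over-read, so a complete fix bounds it on both sides.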

Supermicro has published a security advisory addressing this and related BMC/IPMI issues, available at https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025, which likely includes firmware updates or patches for mitigation. Security practitioners should apply these updates promptly to affected systems.

Details

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Affected Products

Supermicro MBD-X12DPG-OA6 (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-70219 (shared CWE-121)
CVE-2026-29972 (shared CWE-121)
CVE-2025-60690 (shared CWE-121)
CVE-2026-4444 (shared CWE-121)
CVE-2025-61128 (shared CWE-121)
CVE-2019-25319 (shared CWE-121)
CVE-2026-22923 (shared CWE-121)
CVE-2025-69195 (shared CWE-121)
CVE-2020-37124 (shared CWE-121)
CVE-2026-22904 (shared CWE-121)

References