CVE-2024-10239
Published: 04 February 2025
Summary
CVE-2024-10239 is a high-severity stack-based buffer overflow (CWE-121) in the firmware image verification of the Supermicro MBD-X12DPG-OA6 motherboard (the affected product is inferred from the vendor references). Its CVSS base score is 7.2 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 27.3rd percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-10239 is a stack-based buffer overflow (CWE-121) in the firmware image verification code of Supermicro MBD-X12DPG-OA6 motherboards. The verifier uses the image's fat->fsd.max_fld value without checking it, so a malformed firmware image can set that value to something the code never expected and overrun a stack buffer while the image is being verified. The CVSS v3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), high severity.
An attacker who already holds administrator privileges (PR:H) can exploit the flaw over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Uploading a specially crafted firmware image triggers the overflow, which can yield full confidentiality, integrity and availability compromise (C:H/I:H/A:H) of the affected component; scope is unchanged (S:U). The practical point is that image verification is the control meant to reject a bad image, and this bug turns that control into a code-execution primitive for anyone holding administrator credentials for the firmware upload interface. Until the fix is applied, those credentials should be treated as equivalent to firmware-level access.
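The unchecked-count pattern described above, as an added example in C that is not Supermicro's code: the image layout, the IMG_MAGIC marker, the MAX_FLD capacity and the struct fat / struct fsd definitions are assumptions built around the fat->fsd.max_fld name in the CVE text, and the test images are constructed inline. verify_image_unchecked() trusts max_fld exactly the way the advisory describes; verify_image_checked() bounds it against both the fixed stack buffer and the bytes actually supplied before copying anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical image layout used by this example (an assumption, not the
 * real Supermicro format). Only the names fat->fsd.max_fld come from the CVE.
 *   offset 0 : uint32_t magic
 *   offset 4 : uint32_t max_fld        -- fat->fsd.max_fld, number of field entries
 *   offset 8 : uint32_t fld[max_fld]   -- the entries, little-endian
 */
#define IMG_MAGIC 0x30464D53u   /* constructed marker value */
#define HDR_LEN   8u
#define MAX_FLD   16u           /* capacity of the fixed stack buffer */

enum verify_result { IMG_OK = 0, IMG_BAD_MAGIC = 1, IMG_TRUNCATED = 2, IMG_MAX_FLD_TOO_LARGE = 3 };

struct fsd { uint32_t max_fld; };                 /* assumed shape */
struct fat { uint32_t magic; struct fsd fsd; };   /* assumed shape */

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse the fixed header; guarantees len >= HDR_LEN on IMG_OK. */
static int parse_fat(const uint8_t *img, size_t len, struct fat *fat)
{
    if (len < HDR_LEN) return IMG_TRUNCATED;
    fat->magic = rd32(img);
    fat->fsd.max_fld = rd32(img + 4);
    return fat->magic == IMG_MAGIC ? IMG_OK : IMG_BAD_MAGIC;
}

/* Vulnerable pattern (CWE-121): fat->fsd.max_fld is trusted, so an image that
 * declares more entries than MAX_FLD writes past fields[] on the stack and
 * reads past the end of img. Kept for contrast; never run it on untrusted input. */
int verify_image_unchecked(const uint8_t *img, size_t len, uint32_t *checksum)
{
    uint32_t fields[MAX_FLD];
    struct fat fat;
    int rc = parse_fat(img, len, &fat);
    if (rc != IMG_OK) return rc;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < fat.fsd.max_fld; i++) {        /* no bound on max_fld */
        fields[i] = rd32(img + HDR_LEN + 4u * (size_t)i);    /* no bound on len either */
        sum += fields[i];
    }
    *checksum = sum;
    return IMG_OK;
}

/* Hardened form: validate the count against the destination buffer and against
 * the bytes actually supplied before touching either one. */
int verify_image_checked(const uint8_t *img, size_t len, uint32_t *checksum)
{
    uint32_t fields[MAX_FLD];
    struct fat fat;
    int rc = parse_fat(img, len, &fat);
    if (rc != IMG_OK) return rc;
    if (fat.fsd.max_fld > MAX_FLD)                            /* destination bound */
        return IMG_MAX_FLD_TOO_LARGE;
    /* max_fld <= MAX_FLD here, so the multiply cannot overflow size_t. */
    if ((size_t)fat.fsd.max_fld * 4u > len - HDR_LEN)        /* source bound */
        return IMG_TRUNCATED;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < fat.fsd.max_fld; i++) {
        fields[i] = rd32(img + HDR_LEN + 4u * (size_t)i);
        sum += fields[i];
    }
    *checksum = sum;
    return IMG_OK;
}

/* Build a constructed image: header declaring `declared` entries, with
 * `present` entries actually appended (values 1..present). Returns the length. */
size_t build_image(uint8_t *out, size_t cap, uint32_t declared, uint32_t present)
{
    size_t need = HDR_LEN + 4u * (size_t)present;
    if (cap < need) return 0;
    wr32(out, IMG_MAGIC);
    wr32(out + 4, declared);
    for (uint32_t i = 0; i < present; i++) wr32(out + HDR_LEN + 4u * (size_t)i, i + 1);
    return need;
}

/* Build an image and run the hardened verifier on it. */
int check_image(uint32_t declared, uint32_t present, uint32_t *checksum)
{
    uint8_t buf[HDR_LEN + 4u * MAX_FLD];
    size_t len = build_image(buf, sizeof buf, declared, present);
    return verify_image_checked(buf, len, checksum);
}

int main(void)
{
    uint32_t sum = 0;
    int rc = check_image(4, 4, &sum);
    printf("well-formed, 4 entries:          rc=%d checksum=%u\n", rc, sum);
    rc = check_image(0x40000000u, 4, &sum);
    printf("crafted max_fld=0x40000000:      rc=%d (rejected before any copy)\n", rc);
    rc = check_image(8, 4, &sum);
    printf("declares 8 entries, supplies 4:  rc=%d (rejected as truncated)\n", rc);
    return 0;
}
```

Two bounds matter, not one: a count can be small enough for the stack buffer yet still point past the uploaded bytes, so the hardened verifier checks the declared table against the fixed destination and against the supplied length separately, and only after the header itself has been validated.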
Supermicro has published a security advisory with mitigation guidance and patch information at https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025 (the URL indicates it covers BMC/IPMI firmware). Security practitioners should consult that advisory for the fixed firmware versions and apply them promptly to affected MBD-X12DPG-OA6 systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33599
Vulnerability details
A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
A stack buffer overflow in the authenticated firmware verification path directly lets a local or remote administrator achieve arbitrary code execution and full system compromise.
Affected Assets
- Supermicro MBD-X12DPG-OA6 (firmware image verification)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of the specific stack overflow flaw in firmware image verification through vendor patches, directly preventing exploitation.
- SI-10 (Information Input Validation): mandates bounds checking and validation of firmware image fields such as fat->fsd.max_fld, both against the destination buffer and against the size of the uploaded image, to block malformed inputs that cause stack overflows.
- Stack protection (no control identifier is given on this page): provides defense in depth through mechanisms such as stack canaries that limit exploitation of stack-based buffer overflows even if input validation fails; its value depends on the firmware build actually enabling those mechanisms.