Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Security vulnerabilities in StoreOnce platforms using HPE ProLiant DL380 Gen10 servers, which use certain Intel Chipset firmware, could be locally exploited to allow escalation of privilege or denial of service attacks. For more information on this vulnerability, refer to following HPE Security Bulletin: HPESBHF04242 rev.3 - Certain HPE Servers using certain Intel Chipset Firmware, INTEL-SA-00470, 2021.2 IPU, Multiple Vulnerabilities
This document applies to all HPE StoreOnce Gen4 Systems.
To resolve this issue, update the Server Platform Services (SPS) firmware. The SPS firmware relies on the Innovation Engine (IE) firmware, so IE firmware also needs to be updated. This update will need to be performed manually. NOTE : Updating these components requires the system to be powered off and the update must be performed from the HPE Integrated Lights-Out (iLO) management console. The firmware management tool for HPE StoreOnce systems supports updates only when the system is powered on. Using the upgrade package, and with the server being powered off, the SPS firmware update can be performed manually, through the HPE iLO management console: Log into the HPE StoreOnce Management Console. Go to Settings and from the three options available under Actions , choose Shut down to power off the system. Log into iLO Management Console. Go to the Firmware & OS Software option and upload both of the following files, one after the another, to the iLO Repository via the iLO Repository option on the right-hand side. Packages to be uploaded: Innovation Engine (IE) Server Platform Services (SPS) Start by adding the IE firmware package that was uploaded earlier to the queue using the Add to queue option in the right-hand side, and select the corresponding file name from the drop-down. Using the same process, add the SPS firmware package to the queue. IMPORTANT : The customer must strictly follow the order of adding the IE firmware package to the queue first , and then add the SPS firmware package. Navigate to the Installation Queue and check if both the tasks are present. Power on the server by selecting Power & Thermal > Server Power > Momentary Press . While the system is coming up, the IE firmware update progress displays in the POST screen, as shown below: After the IE firmware is flashed, the SPS firmware update progress is displayed, as shown below: Once the system is up, both IE and SPS should be in the updated version 0.2.3.0. and 04.01.04.901, respectively. This can be verified in the firmware list under the Firmware & OS Software option, which is located on the left-hand side. This firmware update also resolves the issue of SPS Authentication Failure, which was observed during POST and in IML Event logs. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively in your e-mail through HPE Support Alerts. Sign up for Support Alerts at the following URL: HPE Email Preference Center