Note: This is an archival copy of Security Sun Alert 257329 as previously published on
Latest version of this security advisory is available from as Sun Alert 1020386.1.
Article ID : 1020386.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2009-08-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in Certain System Board Firmware Revisions of Sun Fire V215 Servers with XVR-100 Graphic Cards may Allow an Unprivileged User to Panic the System


Release Phase

Bug Id

Sun Fire V215 Server

Date of Resolved Release

A security vulnerability in certain system board firmware revisions of Sun Fire V215 servers with XVR-100 graphic cards may allow an unprivileged user to panic the system:

1. Impact

On Sun Fire V215 servers with XVR-100 graphic cards and certain system board revisions, a security vulnerability in the system board firmware may allow a local or remote unprivileged user to panic the system and thereby cause a Denial of Service (DoS).

2. Contributing Factors

This issue can occur on the following platform:
  • Sun Fire V215 Server with an XVR-100 graphics card without patch 142186-01
This issue only affects Sun Fire V215 servers which are equipped with system boards 375-3463 dash level -04 or later AND XVR-100 graphic cards. Sun Fire V215 system boards 375-3463 with dash level -03 or lower, and all 375-3464-xx boards, are not affected by this issue.

To determine the installed system board part number and dash level, the Solaris prtfru(1M) command can be used:
    $ prtfru -x
<UNIX_Timestamp32 value="Thu Dec 20 02:21:59 EST 2007"/>
<Fru_Description value="ASSY,MBD,2X1.5GHZ,0MB,SEATTLE"/>  <<--- System Board
<Manufacture_Loc value="Shunde,China"/>
<Sun_Part_No value="3753463"/>    <<--- System board part number
<Sun_Serial_No value="3J00SM"/>
<Vendor_Name value="Mitac International"/>
<Initial_HW_Dash_Level value="07"/>  <<--- Dash level
<Initial_HW_Rev_Level value="50"/>
<Fru_Shortname value="MB"/>
To determine if an XVR-100 graphic card is present, the following command can be used:
    # prtdiag | grep XVR-100
pci 188 +ISER-LEFT/PCI1 SUNW,XVR-100 (display) SUNW,375-3290
okay /pci@1e,600000/pci@0/pci@9/pci@0/pci@8/SUNW,XVR-100@1
To determine if a -04 board has already received the fix from patch 142186-01, do the following:

From the OBP prompt:
  1. ok begin-select /pci@1e,600000/pci@0
  2. ok my-address my-space 200.0010 or 1000 " map-in" $call-parent
  3. ok value reg : plx@ reg + l@ lbflip ;
  4. ok h# c00 plx@ .
* Returned value should be 0x7fff3743

3. Symptoms

If the described issue occurs, the system may experience a PCIe related panic similar to the following:
    panic[cpu1]/thread=30001bd89a0: px#0: Fatal PCIe Fabric Error has occurred...
px:px_err_fabric_intr+ec (300000ade00, 31, 300000d5618, 300000a...
px:px_msiq_intr+1c0 (300003f1e08, 300003e0d30, 12bd2d4, 0, 3000

4. Workaround

There is no workaround for this issue.  Please see the Resolution section below.

5. Resolution

This issue is addressed in the following release:
  • Sun Fire V215 Server with patch 142186-01 or later
Note: New Sun Fire V215 servers with the affected system boards 375-3463 dash level -04 or later, or replacement system boards 375-3463 dash level -04 or later shipped by Sun will need this patch applied if they are being installed in a V215 configuration with an XVR-100 graphics card. This is because this patch is only to be applied to Sun Fire V215 servers with an XVR-100 graphics card. Therefore, this cannot be pre-applied in the factory.

For more information on Security Sun Alerts, see 1009886.1.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Modification History
06-Aug-2009: Updated Contributing Factors section.
14-Aug-2009: Updated Resolution section.



This solution has no attachment