Note: This is an archival copy of Security Sun Alert 257329 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020386.1.
Article ID : 1020386.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2009-08-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in Certain System Board Firmware Revisions of Sun Fire V215 Servers with XVR-100 Graphic Cards may Allow an Unprivileged User to Panic the System

Category
Security

Release Phase
Resolved

Bug Id
6691343

Product
Sun Fire V215 Server

Date of Resolved Release
13-Jul-2009

A security vulnerability in certain system board firmware revisions of Sun Fire V215 servers with XVR-100 graphic cards may allow an unprivileged user to panic the system:

1. Impact

On Sun Fire V215 servers with XVR-100 graphic cards and certain system board revisions, a security vulnerability in the system board firmware may allow a local or remote unprivileged user to panic the system and thereby cause a Denial of Service (DoS).

2. Contributing Factors

This issue can occur on the following platform:
  • Sun Fire V215 Server with an XVR-100 graphics card without patch 142186-01
This issue only affects Sun Fire V215 servers which are equipped with system boards 375-3463 dash level -04 or later AND XVR-100 graphic cards. Sun Fire V215 system boards 375-3463 with dash level -03 or lower, and all 375-3464-xx boards, are not affected by this issue.

To determine the installed system board part number and dash level, the Solaris prtfru(1M) command can be used:
    $ prtfru -x
    ...
    <UNIX_Timestamp32 value="Thu Dec 20 02:21:59 EST 2007"/>
    <Fru_Description value="ASSY,MBD,2X1.5GHZ,0MB,SEATTLE"/>  <<--- System Board
    <Manufacture_Loc value="Shunde,China"/>
    <Sun_Part_No value="3753463"/>    <<--- System board part number
    <Sun_Serial_No value="3J00SM"/>
    <Vendor_Name value="Mitac International"/>
    <Initial_HW_Dash_Level value="07"/>  <<--- Dash level
    <Initial_HW_Rev_Level value="50"/>
    <Fru_Shortname value="MB"/>
To determine if an XVR-100 graphic card is present, the following command can be used:
    # prtdiag | grep XVR-100
    pci  188 +ISER-LEFT/PCI1  SUNW,XVR-100 (display)  SUNW,375-3290
    okay  /pci@1e,600000/pci@0/pci@9/pci@0/pci@8/SUNW,XVR-100@1
To determine if a -04 board has already received the fix from patch 142186-01, do the following:

From the OBP prompt:
  1. ok begin-select /pci@1e,600000/pci@0
  2. ok my-address my-space 200.0010 or 1000 " map-in" $call-parent
  3. ok value reg : plx@ reg + l@ lbflip ;
  4. ok h# c00 plx@ .
* Returned value should be 0x7fff3743

3. Symptoms

If the described issue occurs, the system may experience a PCIe related panic similar to the following:
    panic[cpu1]/thread=30001bd89a0: px#0: Fatal PCIe Fabric Error has occurred...
    px:px_err_fabric_intr+ec (300000ade00, 31, 300000d5618, 300000a...
    px:px_msiq_intr+1c0 (300003f1e08, 300003e0d30, 12bd2d4, 0, 3000

4. Workaround



There is no workaround for this issue.  Please see the Resolution section below.




5. Resolution



This issue is addressed in the following release:
  • Sun Fire V215 Server with patch 142186-01 or later
Note: New Sun Fire V215 servers with the affected system boards 375-3463 dash level -04 or later, or replacement system boards 375-3463 dash level -04 or later shipped by Sun will need this patch applied if they are being installed in a V215 configuration with an XVR-100 graphics card. This is because this patch is only to be applied to Sun Fire V215 servers with an XVR-100 graphics card. Therefore, this cannot be pre-applied in the factory.


For more information
on Security Sun Alerts, see  1009886.1.

This Sun Alert notification is being provided
to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.




Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle,
Santa
Clara, CA 95054 U.S.A. All rights reserved.

Modification History

06-Aug-2009: Updated Contributing Factors section.

14-Aug-2009: Updated Resolution section.




References
 142186-01



                     


Attachments
This solution has no attachment