Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

UEFI vulnerabilities affecting BullSequana servers VU796611

Vulnerabilities affecting BullSequana servers

On February 1st, 2022, CERT-CC, Insyde Inc., and Binarly Inc. collectively disclosed a set of vulnerabilities affecting InsydeH2O Hardware-2-Operating System (H2O) UEFI Bios.
These vulnerabilities generalize to all Intel and AMD chipset configurations a 2020 vulnerability affecting a version of InsydeH2O that supported a specific Intel chipset (CVE-2020-5953). They affect any product using UEFI Bios based on InsydeH2O, including some BullSequana products.
Atos is liaising closely with its suppliers and investigating the exact nature of these vulnerabilities to provide validated remediation.
The management part of the platforms (BMC) is not affected by these vulnerabilities. The vulnerability lies in the computing part of the servers.
An administrative access to the host would allow to implement hardly detectable malware in the System Management Mode (SMM) area. Under certain circumstances, these vulnerabilities could help to circumvent secure boot and other security features which preserve the integrity of the platform firmware.

See attached Security Bulletin for more details.

Security Bulletin

Read the security bulletin
Posted on: March 10th, 2022

 

Contact PSIRT team:

Share this article

Follow us on

Related links

Protecting your business to face cybersecurity challenges
Atos Managed Security Services – Advanced Detection and Response
Security Operation Center, SOC