
Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell EMC PowerEdge Servers, Storage (SC Series, PS Series, and PowerVault MD Series) and Networking products

Summary: Dell EMC guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as Speculative Store Bypass and Rogue System Register Read) for servers, storage and networking products. For specific information on affected platforms and next steps to apply the updates, please refer to this guide. ...


Article Content


Symptoms

2018-11-09

CVE ID: CVE-2018-3639, CVE-2018-3640

Dell EMC is aware of the side-channel vulnerabilities described in CVE-2018-3639 (also known as Speculative Store Bypass) and CVE-2018-3640 (also known as Rogue System Register Read), which affect many modern microprocessors and were published by Google Project Zero and the Microsoft Security Response Center on May 21, 2018. An unprivileged attacker with local user access to the system could potentially exploit these vulnerabilities to read privileged memory data. For more information, please review security updates posted by Intel.

Dell EMC is investigating the impact of these issues on our products. We will update this article regularly with impact details and mitigation steps as they become available. Mitigation steps may vary by product and may require updates to processor microcode (BIOS), Operating System (OS), Virtual Machine Manager (VMM), and other software components.

Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

Dell EMC PowerEdge Servers

Two essential components must be applied to mitigate the above-mentioned vulnerabilities:
 
1. System BIOS as listed in the Tables below
2. Operating System & Hypervisor updates.

The Product Tables have been updated and will continue to be updated as microcode is released by Intel. If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against the listed CVEs.

Dell EMC XC Series Hyper-converged Appliances
Please see PowerEdge Server Product Tables.
 
Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
Please see the Product Tables for the appropriate mitigations and analysis.

Dell EMC Networking Products
Please see the Product Tables for the appropriate mitigations and analysis.

For information on other Dell products, please see: Speculative Store ByPass (CVE-2018-3639, CVE-2018-3640) impact on Dell products.

Note: The tables below list products for which there is available BIOS/Firmware/Driver guidance. This information will be updated as additional information is available. If you do not see your platform, please check later.

The Server BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.

These are the minimum required BIOS versions.

BIOS/Firmware/Driver updates for PowerEdge Server, Storage (including server leveraged storage platforms), and Networking Products


 
 
 
Dell Storage Product Line
Assessment
EqualLogic PS Series Not applicable.
The CPU used in the product is not impacted by the reported issues. The CPU used is a Broadcom MIPS processor without speculative execution.
Dell EMC SC Series (Compellent) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.
Dell Storage MD3 and DSMS MD3 Series
Dell PowerVault Tape Drives & Libraries
Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect access to highly privileged accounts are followed.
 
 
 
Dell Storage Virtual Appliance
Assessment
Dell Storage Manager Virtual Appliance (DSM VA - Compellent) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect access to highly privileged accounts are followed. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection.
Dell Storage Integration tools for VMWare (Compellent)
Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic)
 
 
 
Dell Storage Product Line
Assessment
Dell Storage NX family Impacted.
See relevant PowerEdge Server information for BIOS patch information. Follow relevant operating system vendor recommendations for OS level mitigation.
Dell Storage DSMS family


Systems Management for PowerEdge Server Products
 
 
 
Component
Assessment
iDRAC: 14G, 13G, 12G, 11G
Not impacted.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.
Chassis Management Controller (CMC): 14G, 13G, 12G, 11G
Not impacted.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.
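
| Generation | Models | BIOS version |
|---|---|---|
| 14G | R740, R740XD, R640, R940, XC740XD, XC640, XC940 | 1.4.8 |
| 14G | R840, R940xa | 1.1.3 |
| 14G | R540, R440, T440, XR2 | 1.4.8 |
| 14G | T640 | 1.4.8 |
| 14G | C6420, XC6420 | 1.4.9 |
| 14G | FC640, M640, M640P | 1.4.8 |
| 14G | C4140 | 1.2.10 |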
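
| Generation | Models | BIOS version |
|---|---|---|
| 13G | R830 | 1.8.0 |
| 13G | T130, R230, T330, R330, NX430 | 2.5.0 |
| 13G | R930 | 2.5.2 |
| 13G | R730, R730XD, R630, NX3330, NX3230, DSMS630, DSMS730, XC730, XC703XD, XC630 | 2.8.0 |
| 13G | C4130 | 2.8.0 |
| 13G | M630, M630P, FC630 | 2.8.0 |
| 13G | FC430 | 2.8.0 |
| 13G | M830, M830P, FC830 | 2.8.0 |
| 13G | T630 | 2.8.0 |
| 13G | R530, R430, T430, XC430, XC430Xpress | 2.8.0 |
| 13G | R530XD | 1.8.0 |
| 13G | C6320, XC6320 | 2.8.0 |
| 13G | T30 | 1.0.14 |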
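
| Generation | Models | BIOS version |
|---|---|---|
| 12G | R920 | 1.8.0 |
| 12G | R820 | 2.5.0 |
| 12G | R520 | 2.6.0 |
| 12G | R420 | 2.6.0 |
| 12G | R320, NX400 | 2.6.0 |
| 12G | T420 | 2.6.0 |
| 12G | T320 | 2.6.0 |
| 12G | R220 | 1.10.3 |
| 12G | R720, R720XD, NX3200, XC72XD | 2.7.0 |
| 12G | R620, NX3300 | 2.7.0 |
| 12G | M820 | 2.7.0 |
| 12G | M620 | 2.7.0 |
| 12G | M520 | 2.7.0 |
| 12G | M420 | 2.7.0 |
| 12G | T620 | 2.7.0 |
| 12G | T20 | A18 |
| 12G | C5230 | 1.4.0 |
| 12G | C6220 | 2.5.6 |
| 12G | C6220II | 2.9.0 |
| 12G | C8220, C8220X | 2.9.0 |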
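
| Generation | Models | BIOS version |
|---|---|---|
| 11G | R710 | 6.6.0 |
| 11G | NX3000 | 6.6.0*** |
| 11G | R610 | 6.6.0 |
| 11G | T610 | 6.6.0 |
| 11G | R510 | 1.14.0 |
| 11G | NX3100 | 1.14.0*** |
| 11G | R410 | 1.14.0 |
| 11G | NX300 | 1.14.0*** |
| 11G | T410 | 1.14.0 |
| 11G | R310 | 1.14.0 |
| 11G | T310 | 1.14.0 |
| 11G | NX200 | 1.14.0*** |
| 11G | T110 | 1.12.0 |
| 11G | T110-II | 2.10.0 |
| 11G | R210 | 1.12.0 |
| 11G | R210-II | 2.10.0 |
| 11G | R810 | 2.11.0 |
| 11G | R910 | 2.12.0 |
| 11G | T710 | 6.6.0 |
| 11G | M610, M610X | 6.6.0 |
| 11G | M710 | 6.6.0 |
| 11G | M710HD | 8.3.1 |
| 11G | M910 | 2.12.0 |
| 11G | C1100 | 3B25 |
| 11G | C2100 | In Process |
| 11G | C5220 | 2.3.0 |
| 11G | C6100 | 1.81 |
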
***Only update the BIOS using the Non-Packaged update on the 11G NX series platforms.
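
The two mitigation components named above (minimum BIOS and OS updates) can be checked together on a Linux host. The following is an added example, not Dell EMC code: it compares the installed BIOS against a subset of the minimum versions in the PowerEdge tables and reads the kernel's Speculative Store Bypass status. The function names, the `MIN_BIOS` subset, and the assumption that the DMI product name has the form "PowerEdge R740" are illustrative.

```python
from pathlib import Path

# Minimum BIOS versions copied from this article's tables (a subset, for illustration).
MIN_BIOS = {
    "R740": "1.4.8", "R640": "1.4.8", "C6420": "1.4.9", "C4140": "1.2.10",
    "R730": "2.8.0", "R930": "2.5.2", "R720": "2.7.0", "R220": "1.10.3",
    "R710": "6.6.0", "T20": "A18",
}

def parse_version(text):
    """Dotted numeric version -> tuple of ints; None for forms such as 'A18'."""
    parts = text.strip().split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def bios_meets_minimum(product_name, installed):
    """True/False for a listed model; None when the model or version cannot be judged."""
    model = product_name.replace("PowerEdge", "").strip().upper()
    required = MIN_BIOS.get(model)
    have = parse_version(installed)
    need = parse_version(required) if required else None
    if have is None or need is None:
        return None  # not in the subset, or a non-numeric scheme: check by hand
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) >= pad(need)  # numeric compare: 1.10.3 is newer than 1.9.0

def ssb_status(sysfs_text):
    """Classify the kernel's spec_store_bypass report (CVE-2018-3639)."""
    line = sysfs_text.strip()
    for prefix, verdict in (("Not affected", "not_affected"),
                            ("Mitigation", "mitigated"), ("Vulnerable", "vulnerable")):
        if line.startswith(prefix):
            return verdict
    return "unknown"  # file missing (old kernel) or unexpected text

def audit_host(sysfs_root="/sys"):
    """Read the DMI and vulnerability files under sysfs_root and report both checks."""
    root = Path(sysfs_root)
    def read(rel):
        path = root / rel
        return path.read_text().strip() if path.is_file() else ""
    product = read("class/dmi/id/product_name")
    bios = read("class/dmi/id/bios_version")
    ssb = read("devices/system/cpu/vulnerabilities/spec_store_bypass")
    return {"product": product, "bios_version": bios,
            "bios_ok": bios_meets_minimum(product, bios), "os_ssb": ssb_status(ssb)}

if __name__ == "__main__":
    print(audit_host())
```

A `None` for `bios_ok` means the model is outside the subset or uses a non-numeric version scheme and should be compared against the table manually.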

 


| Models | BIOS version |
|---|---|
| DSS9600, DSS9620, DSS9630 | 1.4.9 |
| DSS1500, DSS1510, DSS2500 | 2.8.0 |
| DSS7500 | 2.8.0 |


| Models | BIOS/Firmware/Driver version |
|---|---|
| OS10 Basic VM | In process |
| OS10 Enterprise VM | In process |
| S OS-Emulator | In process |
| Z OS-Emulator | In process |
| S3048-ON OS10 Basic | In process |
| S4048-ON OS10 Basic | In process |
| S4048T-ON OS10 Basic | In process |
| S6000-ON OS Basic | In process |
| S6010-ON OS10 Basic | In process |
| Z9100 OS10 Basic | In process |
 
Networking - Fixed Port Switches

| Platforms | BIOS/Firmware/Driver version |
|---|---|
| Mellanox SB7800 Series, SX6000 Series | In process |

| Models | BIOS/Firmware/Driver version |
|---|---|
| W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651 | In process |
| W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205 | In process |
| W-AP103, W-AP103H, W-AP105, W-AP114, W-AP115, W-AP124, W-AP125, W-AP134, W-AP135, W-AP175 | In process |
| W-AP204, W-AP205, W-AP214, W-AP215, W-AP224, W-AP225, W-AP274, W-AP275 | In process |
| W-AP68, W-AP92, W-AP93, W-AP93H | In process |
| W-IAP103, W-IAP104, W-IAP105, W-IAP108, W-IAP109, W-IAP114, W-IAP115, W-IAP134, W-IAP135 | In process |
| W-IAP155, W-IAP155P, W-IAP175P, W-IAP175AC, W-IAP204, W-IAP205, W-IAP214, W-IAP215 | In process |
| W-IAP-224, W-IAP225, W-IAP274, W-IAP275, W-IAP3WN, W-IAP3P, W-IAP92, W-IAP93 | In process |
| W-Series Access Points - 205H, 207, 228, 277, 304, 305, 314, 315, 324, 325, 334, 335 | In process |
| W-Series Controller AOS | In process |
| W-Series FIPS | In process |

| Models | BIOS/Firmware/Driver version |
|---|---|
| W-Airwave | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass Hardware Appliances | In process |
| W-ClearPass Virtual Appliances | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass 100 Software | In process |


External references

Cause

-

Resolution

-

Article Properties


Affected Product

Networking, Datacenter Scalable Solutions, PowerEdge, C Series, Entry Level & Midrange, Compellent (SC, SCv & FS Series), Legacy Storage Models

Last Published Date

30 Aug 2023

Version

7

Article Type

Solution