Knowledge Base

Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products


CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Dell is aware of the new side-channel analysis vulnerabilities, known as Meltdown and Spectre, affecting many modern microprocessors that were discovered and published by a team of security researchers on January 3, 2018. No "real-world" exploits of these vulnerabilities have been reported to date, though researchers have produced proof-of-concepts.

Patch Guidance:

There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:

  1. Apply the firmware update via BIOS update listed below, see the table in Dell Consumer and Commercial Client Products Affected section below.
  2. Apply the applicable operating system patch, see the OS Patch Guidance section below.

Dell will update this article with information as it becomes available, including impacted products and remediation steps.

Dell recommends customers follow security best practices for malware protection, in general, to protect against possible exploitation of these vulnerabilities. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, not downloading files or applications from unknown sources and following secure password protocols. Customers should also use security software to help protect against malware (advanced threat prevention software or anti-virus).

Notes:

Dell Consumer and Commercial Client Products Affected:

The systems below are affected and can receive patched firmware via Dell BIOS release (BIOS Update). Dates in this list are estimates provided for customer planning purposes and will be updated with links to download packages when available:

Notes:
  • Prior to installing the BIOS releases, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates, as each release is thoroughly tested before release.
  • Dates mentioned below are in US format of MM/DD/YY
  • These patches may also include the firmware component of the Intel ME/TXE Advisory (INTEL-SA-00086), please refer to the Dell Knowledge Base on the Intel ME/TXE advisory for complete details.

Intel has communicated a potential issue with the microcode included in these BIOS updates for the Intel 4th generation (Haswell) and Intel 5th generation (Broadwell) processors listed below. This issue is currently under investigation by Intel and we will provide further updates as available. Refer to Intel’s Security Issue Update: Addressing Reboot Issues, for more information.

Client Products

Model Number

BIOS Release

Alienware 13 R2 1.4.4
Alienware 13 R3 1.2.3
Alienware 15 R2 1.4.4
Alienware 15 R3 1.2.3
Alienware 17 R2 1/26/2018
Alienware 17 R4 1.2.3
Alienware Area-51 R2 In Process
Alienware Area-51 R4 1.1.3
Alienware Area-51 R5 1/26/2018
Alienware Aurora R5 1.0.16
Alienware Aurora R6 1.0.12
Alienware Aurora R7 In Process
Alienware Steam Machine 200 2.0.10
Alienware Steam Machine 201 1.0.11
Alienware X51 R3 1.0.11
ChengMing 3967 1.2.2
ChengMing 3977 1.3.2
Edge Gateway 3000 series 2/2/2018
Edge Gateway 5000 (Commercial) 2/2/2018
Edge Gateway 5100 (Industrial) 2/2/2018
Embedded Box PC 3000 In Process
Embedded Box PC 5000 1.4.2
Inspiron 11 (3137) SFX Platform In Process
Inspiron 11 (3162) In Process
Inspiron 11 (3164) In Process
Inspiron 11 (3168) In Process
Inspiron 11 (3169) 1.4.0
Inspiron 11 (3179) 1.3.3
Inspiron 11 2-in-1 (3153) 1.18.2
Inspiron 11 2-in-1 (3158) 1.18.2
Inspiron 13 2-in-1 (5368) 1.15.2
Inspiron 13 2-in-1 (5378) 1.22.3
Inspiron 13 2-in-1 (5379) 1.3.2
Inspiron 13 2-in-1 (7348) In Process
Inspiron 13 2-in-1 (7353) 1.18.2
Inspiron 13 2-in-1 (7359) 1.18.2
Inspiron 13 2-in-1 (7373) 1.5.4
Inspiron 13 2-in-1 (7378) 1.22.3
Inspiron 14 (3459) 1.5.3
Inspiron 14 (3462) 1.9.2
Inspiron 14 (3467) 2.1.3
Inspiron 14 (3468) 1.8.3
Inspiron 14 (5439) In Process
Inspiron 14 (5468) 1.4.2
Inspiron 14 (7437) In Process
Inspiron 14 (7460) 1.4.2
Inspiron 14 Gaming (7466) 1.2.1
Inspiron 14 Gaming (7467) 1.4.0
Inspiron 15 (3559) 1.5.3
Inspiron 15 (3567) 2.1.3
Inspiron 15 (3568) 1.8.3
Inspiron 15 (5566) 1.4.2
Inspiron 15 (5567) 1.1.9
Inspiron 15 (7537) In Process
Inspiron 15 (7559) 1.2.7
Inspiron 15 (7560) 1.4.2
Inspiron 15 (7572) 1.1.0
Inspiron 15 2-in-1 (5568) 1.15.2
Inspiron 15 2-in-1 (5578) 1.22.3
Inspiron 15 2-in-1 (5579) 1.3.2
Inspiron 15 2-in-1 (7568) 1.18.2
Inspiron 15 2-in-1 (7569) 1.15.2
Inspiron 15 2-in-1 (7573) 1.5.4
Inspiron 15 2-in-1 (7579) 1.22.3
Inspiron 15 Gaming (5577) 1.0.8
Inspiron 15 Gaming (7566) 1.2.1
Inspiron 15 Gaming (7567) 1.4.0
Inspiron 15 Gaming (7577) 1.3.2
Inspiron 15R (5537) In Process
Inspiron 17 (5767) 1.1.9
Inspiron 17 (7737) In Process
Inspiron 17 2-in-1 (7773) 1.3.2
Inspiron 17 2-in-1 (7778) 1.15.2
Inspiron 17 2-in-1 (7779) 1.22.3
Inspiron 17R (5737) In Process
Inspiron 20 AIO (3052) In Process
Inspiron 20 AIO (3059) 2.8.1
Inspiron 20 AIO (3064) 2.2.2
Inspiron 22 (3263) 1.7.0
Inspiron 22 AIO (3263) 1.7.0
Inspiron 22 AIO (3264) 2.2.2
Inspiron 23 (5348) A09
Inspiron 2350 In Process
Inspiron 24 AIO (3452) In Process
Inspiron 24 AIO (3459) 2.8.1
Inspiron 24 AIO (3464) 2.2.2
Inspiron 24 AIO (5459) 2.8.0
Inspiron 24 AIO (5488) 2.4.2
Inspiron 24 AIO (7459) 1.7.1
Inspiron 3147 In Process
Inspiron 3148 In Process
Inspiron 3250 3.5.2
Inspiron 3252 In Process
Inspiron 3268 1.6.0
Inspiron 3458 In Process
Inspiron 3476 1/26/2018
Inspiron 3537 In Process
Inspiron 3558 In Process
Inspiron 3576 1/26/2018
Inspiron 3650 3.5.2
Inspiron 3662 2.5.0
Inspiron 3668 1.6.0
Inspiron 3737 In Process
Inspiron 5370 1.3.1
Inspiron 5442 In Process
Inspiron 5447 In Process
Inspiron 5452 In Process
Inspiron 5457 1.3.2
Inspiron 5458 In Process
Inspiron 5459 1.4.1
Inspiron 5542 In Process
Inspiron 5547 In Process
Inspiron 5552 In Process
Inspiron 5557 1.3.2
Inspiron 5558 In Process
Inspiron 5559 1.4.1
Inspiron 5570 1.0.9
Inspiron 5758 In Process
Inspiron 5759 1.4.1
Inspiron 5770 1.0.9
Inspiron 7347 In Process
Inspiron 7370 1.5.4
Inspiron 7472 1.1.0
Inspiron 7570 1.5.4
Latitude 3150 In Process
Latitude 3160 In Process
Latitude 3180 1/26/2018
Latitude 3189 1/26/2018
Latitude 3330 In Process
Latitude 3340 A15
Latitude 3350 A12
Latitude 3379 1.0.21
Latitude 3380 1.3.5
Latitude 3390 2-in-1 1/26/2018
Latitude 3450 A15
Latitude 3460 A12
Latitude 3470 1.10.1
Latitude 3480 1.5.5
Latitude 3490 1/26/2018
Latitude 3540 In Process
Latitude 3550 A15
Latitude 3560 A12
Latitude 3570 1.10.1
Latitude 3580 1.5.5
Latitude 3590 1/26/2018
Latitude 5175 1.0.29
Latitude 5179 1.0.29
Latitude 5280 1.8.1
Latitude 5285 1.3.1
Latitude 5288 1.8.1
Latitude 5289 1.10.1
Latitude 5290 1.1.7
Latitude 5290 2-in-1 1.1.0
Latitude 5404 A14
Latitude 5414 1.15.0
Latitude 5480 1.8.1
Latitude 5488 1.8.1
Latitude 5490 1.1.7
Latitude 5580 1.8.1
Latitude 5590 1.1.7
Latitude 7202 A18
Latitude 7204 A12
Latitude 7212 1.7.0
Latitude 7214 1.15.0
Latitude 7275 1.1.34
Latitude 7280 1.8.1
Latitude 7285 1.1.0
Latitude 7290 1.2.6
Latitude 7350 A14
Latitude 7370 1.15.3
Latitude 7380 1.8.1
Latitude 7389 1.10.1
Latitude 7390 1.2.6
Latitude 7390 2-in-1 1.1.3
Latitude 7404 A13
Latitude 7414 1.15.0
Latitude 7480 1.8.1
Latitude 7490 1.2.6
Latitude E5250 A18
Latitude E5270 1.18.6
Latitude E5430 2/7/2018
Latitude E5430 vPro 2/7/2018
Latitude E5440 A19
Latitude E5450 A18
Latitude E5470 1.18.6
Latitude E5530 2/7/2018
Latitude E5530 vPro 2/7/2018
Latitude E5540 A19
Latitude E5550 A18
Latitude E5570 1.18.6
Latitude E6230 2/7/2018
Latitude E6330 2/7/2018
Latitude E6430 2/7/2018
Latitude E6430 ATG 2/7/2018
Latitude E6430S 2/7/2018
Latitude E6430U 2/7/2018
Latitude E6440 A19
Latitude E6440 ATG 1/31/2018
Latitude E6530 2/7/2018
Latitude E6540 A22
Latitude E7240 A23
Latitude E7250 A18
Latitude E7270 1.18.5
Latitude E7440 A23
Latitude E7450 A18
Latitude E7470 1.18.5
OptiPlex 3010 In Process
OptiPlex 3011 AIO In Process
OptiPlex 3020 A16
OptiPlex 3020M A11
OptiPlex 3030 A11
OptiPlex 3040 1.6.1
OptiPlex 3046 1.3.1
OptiPlex 3050 1.7.7
OptiPlex 3050 AIO 1.8.1
OptiPlex 3240 AIO 1.5.21
OptiPlex 5040 1.8.1
OptiPlex 5050 1.7.7
OptiPlex 5250 1.8.1
OptiPlex 7010 In Process
OptiPlex 7020 A14
OptiPlex 7040 1.8.1
OptiPlex 7050 1.7.7
OptiPlex 7440 AIO 1.8.6
OptiPlex 7450 1.8.1
OptiPlex 9010 In Process
OptiPlex 9010 AIO 1/31/2018
OptiPlex 9020 A21
OptiPlex 9020 AIO A16
OptiPlex 9020M A15
OptiPlex 9030 A18
OptiPlex XE2 A21
Precision 3420 Tower 2.6.1
Precision 3510 1.18.6
Precision 3520 1.8.1
Precision 3620 Tower 2.6.1
Precision 5510 1.6.1
Precision 5520 1.7.0
Precision 5720 AIO 2.3.3
Precision 5810 Tower A24
Precision 5810 XL Tower A24
Precision 5820 XL Tower 1.2.1
Precision 7510 1.15.3
Precision 7520 1.9.0
Precision 7710 1.15.3
Precision 7720 1.9.0
Precision 7810 Tower A24
Precision 7810 XL Tower A24
Precision 7820 Tower 1.2.2
Precision 7910 Tower A24
Precision 7910 XL Tower A24
Precision 7920 Tower 1.2.2
Precision M2800 A12
Precision M4700 2/7/2018
Precision M4800 A21
Precision M6700 2/7/2018
Precision M6800 A21
Precision R7610 A15
Precision Rack 7910 2.7.0
Precision Rack 7920 1.2.71
Precision T1650 In Process
Precision T1700 A24
Precision T3610 A15
Precision T5610 A15
Precision T7610 A15
Venue 11 Pro (5130-32Bit) In Process
Venue 11 Pro (5130-64Bit) In Process
Venue 11 Pro (7130) A24
Venue 11 Pro (7130) MS In Process
Venue 11 Pro (7140) A14
Vostro 14 (3459) 1.3.1
Vostro 14 (3468) 2.1.5
Vostro 14 (5468) 1.4.2
Vostro 14 (5470) In Process
Vostro 15 (3559) 1.3.1
Vostro 15 (3562) 1/26/2018
Vostro 15 (3568) 2.1.5
Vostro 15 (5568) 1.4.2
Vostro 15 (7570) 1.3.2
Vostro 23 (3340) A07
Vostro 24 (5450) 2.8.0
Vostro 24 (5460 Kaby Lake) 2.4.2
Vostro 24 (5460) 1.4.0
Vostro 3052 In Process
Vostro 3250 3.5.2
Vostro 3252 In Process
Vostro 3267 1.6.0
Vostro 3268 1.6.0
Vostro 3458 In Process
Vostro 3558 In Process
Vostro 3650 3.5.2
Vostro 3653 3.5.2
Vostro 3660 1.6.0
Vostro 3667 1.6.0
Vostro 3668 1.6.0
Vostro 3669 1.6.0
Vostro 5370 1.3.1
Vostro 5459 1.1.3
Vostro 5471 1.3.1
Vostro 5560 In Process
XPS 12 (9250) 1.1.34
XPS 13 (9343) A14
XPS 13 (9350) 1.6.1
XPS 13 (9360) 2.5.0
XPS 13 (9370) 1.1.3
XPS 13 2-in-1 (9365) 1.2.1
XPS 15 (9550) 1.6.1
XPS 15 (9560) 1.7.0
XPS 27 AIO (7760) 2.3.3
XPS 8900 2.2.1
XPS 8910 1.1.5
XPS 8920 1.0.12
XPS 8930 In Process

Thin Client Products
Model Number OS Version BIOS Release OS Release
Wyse 3030 Thin Client Windows Embedded Standard 7 In Process In Process
Wyse 3030 LT Thin Client Wyse ThinLinux 1.x (SLES) In Process In Process
Wyse 3040 Thin Client Wyse ThinLinux 1.x (SLES) 2/14/2018 In Process
Wyse 5010 Thin Client Windows Embedded Standard 7, Windows Embedded Standard 7 Premium, Windows Embedded 8 Standard In Process In Process
Wyse 5020 Thin Client Windows Embedded Standard 7, Windows Embedded Standard 7 Premium, Windows Embedded 8 Standard, WIE10 TH In Process In Process
Wyse 5020 Thin Client Wyse ThinLinux 1.x (SLES) In Process In Process

Wyse 5060 thin client

Windows Embedded Standard 7 Premium,

WIE10 RS

In Process

In Process

Wyse 5060 Thin Client Wyse ThinLinux 1.x (SLES) In Process In Process
Wyse 7010 Thin Client Windows Embedded Standard 7, Windows Embedded Standard 7 Premium, Windows Embedded 8 Standard In Process In Process
Wyse 7010 Thin Client Wyse ThinLinux 1.x (SLES) In Process In Process
Wyse 7020 Thin Client Windows Embedded Standard 7, Windows Embedded Standard 7 Premium, Windows Embedded 8 Standard, WIE10 TH In Process In Process
Wyse 7020 Thin Client Wyse ThinLinux 1.x (SLES) In Process In Process
Wyse 7040 Thin Client Windows Embedded Standard 7 Premium, WIE10 TH 1/22/2018 Available
Latitude 3460 Mobile Thin Client Windows Embedded Standard 7 Premium 1/22/2018 Available
Latitude E7270 Mobile Thin Client Windows Embedded Standard 7 Premium 1/22/2018 Available
Latitude 3480 Mobile Thin Client WIE10 RS 1/22/2018 Available
Latitude 5280 Mobile Thin Client WIE10 RS 1/22/2018 Available
Note:
  • ThinOS versions 8.4 and later are not affected.
    ThinOS, by design, is a "closed" OS, i.e., only Dell supplied software can run on ThinOS. There is no web browser or other interface to browse, download or install software on ThinOS. In version 8.4, ThinOS introduced digital signature verification of software updates / packages. Thus, users (including Administrators) cannot download or install other software on ThinOS, including malware that could exploit the vulnerabilities in the underlying CPU. Customers should update their devices to the latest version of ThinOS. Dell will continue to monitor the situation.

OS Patch Guidance:

The operating systems listed below are affected and should be updated by following the instructions provided in the advisory for the applicable operating system.

Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

RedHat: https://access.redhat.com/security/vulnerabilities/speculativeexecution

SuSe: https://www.suse.com/support/kb/doc/?id=7022512

Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

ChromeOS: https://support.google.com/faqs/answer/7622138#chromeos

References:

Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

AMD Update: http://www.amd.com/en/corporate/speculative-execution

Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Research papers: https://meltdownattack.com





Artikel-id: SLN308587

Laatste wijzigingsdatum: 01/22/2018 07:49 AM


Beoordeel dit artikel

Nauwkeurig
Nuttig
Eenvoudig te begrijpen
Was dit artikel nuttig?
Ja Nee
Stuur ons feedback
Opmerkingen mogen geen speciale tekens bevatten: <>() \
Excuses, ons feedbacksysteem is momenteel offline. Probeert u het later nog eens.

Hartelijk dank voor uw feedback.