Knowledge Base

Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking)


CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Dell EMC is aware of the new side-channel analysis vulnerabilities (also known as Meltdown and Spectre) affecting many modern microprocessors that were discovered and published by a team of security researchers on January 3, 2018. We encourage customers to review the Security Advisories in the References section for more information.

Dell EMC is investigating this issue to identify any potential impact to products and will update this article with information as it becomes available, including impacted products and remediation steps.

There are two essential components that need to be applied to mitigate the above mentioned vulnerabilities:
  1. System BIOS as per Tables below
  2. Operating System & Hypervisor updates.
We encourage customers to review the appropriate Hypervisor/OS vendor security advisory. The References section below contains links to some of these vendors.

Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, and following secure password protocols.


Updates on other Dell products

External references

OS Patch Guidance


Dell Products requiring no patches or fixes for these three CVE vulnerabilities

Storage
  • EqualLogic PS Series
  • Dell EMC SC Series (Compellent)
  • Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500)
  • Dell Storage MD3 Series
  • Dell Storage Windows NAS Appliances (NX3330, NX3230, NX430)
  • Dell PowerVault Tape Drives & Libraries
  • Dell Storage Manager Virtual Appliance (DSM VA - Compellent)
  • Dell Storage Integration tools for VMWare (Compellent)
  • Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic)
Systems Management for PowerEdge Server Products
Component
Assessment
iDRAC: 14G, 13G, 12G, 11G
Not impacted.
iDRAC is a closed system that does not allow external 3rd party code to be executed.
Chassis Management Controller (CMC): 14G, 13G, 12G, 11G
Not impacted.
CMC is a closed system that does not allow external 3rd party code to be executed.

The tables below lists those products for which there is an available BIOS update. These tables will be updated as more information is available. These BIOS updates include the necessary processor vendor provided microcode update.

Note: This information will be updated as information is available. If you do not see your platform, please check later.

Note: The BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.

BIOS updates for PowerEdge Server Products

Generation Models BIOS version
14G R740, R740XD, R640 1.2.71
R540, R440, T440 1.2.71
T640 1.2.71
C6420 1.2.71
FC640, M640, M640P 1.2.71
C4140 1.0.2
R940 1.2.81

*** Intel has communicated a potential issue with the microcode included in these BIOS updates for Intel Xeon Haswell and Broadwell processors listed below. This issue is currently under investigation by Intel and we will provide further updates as available. See Intel's statement for more details.

Intel® Xeon® Processor E3-1200 v4 Product Family
Intel® Xeon® Processor E5v4 Product Family
Intel® Xeon® Processor E7v3 Product Family
Intel® Xeon® Processor E5v3 Product Family
Intel® Xeon® Processor E3-1200 v3 Product Family

Generation Models BIOS version
13G R830 1.7.0 ***
T130, R230, T330, R330 2.4.1
R930 2.5.0 ***
R730, R730XD, R630 2.7.0 ***
C4130 2.7.0 ***
M630, M630P, FC630 2.7.0 ***
FC430 2.7.0 ***
M830, M830P, FC830 2.7.0 ***
T630 2.7.0 ***
R530, R430, T430 2.7.0 ***
C6320 2.7.0 ***
T30 1.0.12

Generation Models BIOS version
12G R920 ETA 2018-02-01
R820 ETA 2018-02-01
R520 ETA 2018-02-01
R420 ETA 2018-02-01
R320 ETA 2018-02-01
T420 ETA 2018-02-01
T320 ETA 2018-02-01
R220 1.10.1 ***
R720, R720XD ETA 2018-02-01
R620 ETA 2018-02-01
M820 ETA 2018-02-01
M620 ETA 2018-02-01
M520 ETA 2018-02-01
M420 ETA 2018-02-01
T620 ETA 2018-02-01
FM120x4 ETA 2018-02-01
T20 A15 ***
C6220 In process
C6220II In process
C8220 In process
C8220X In process

Generation Models BIOS version
11G R710 In process
R610 In process
T610 In process
R510 In process
R410 In process
T410 In process
R310 In process
T310 In process
T110 In process
T110-II In process
R210 In process
R210-II In process
R810 In process
R910 In process
T710 In process
M610, M610X In process
N710, M710HD In process
M910 In process

BIOS update for Dell Datacenter Scalable Solutions (DSS)

Models BIOS Version
DSS9600, DSS9620, DSS9630 1.2.71
DSS1500, DSS1510, DSS2500 2.7.0 ***
DSS7500 2.7.0 ***



Need more help?
Find additional PowerEdge and PowerVault articles

Visit and ask for support in our Communities

Create an online support Request



Article ID: SLN308588

Last Date Modified: 01/17/2018 03:37 PM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.