High
Summary:
Dell EMC VxRack SDDC contains operating system and firmware security updates to mitigate three known variants of speculative execution side-channel vulnerabilities.
On January 3, 2018, a team of security researchers disclosed a new class of side-channel analysis attacks (also known as Meltdown and Spectre) that affects many modern processors. An unprivileged attacker with local user access to the system could potentially leverage these attacks to read privileged memory data that would otherwise be inaccessible.
This advisory addresses the following known variants:
Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load
For more information about these attacks, see CERT/CC Vulnerability Note VU#584653 and research papers published here.
On January 3, 2018, a team of security researchers disclosed a new class of side-channel analysis attacks (also known as Meltdown and Spectre) that affects many modern processors. An unprivileged attacker with local user access to the system could potentially leverage these attacks to read privileged memory data that would otherwise be inaccessible.
This advisory addresses the following known variants:
Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load
For more information about these attacks, see CERT/CC Vulnerability Note VU#584653 and research papers published here.
Affected products:
Dell EMC VxRack SDDC
Resolution:
The following Dell EMC VxRack SDDC release addresses these vulnerabilities:
Dell EMC VxRack SDDC 5.1.2
Dell EMC recommends all customers upgrade at the earliest opportunity. For full protection, the host systems where virtual appliance is deployed must be patched as well. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system.
Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these issues until updates can be applied.
Link to Remedies:
Customers can download software and firmware updates from the following link: https://www.dell.com/support/
Affected products:
Dell EMC VxRack SDDC
Resolution:
The following Dell EMC VxRack SDDC release addresses these vulnerabilities:
Dell EMC VxRack SDDC 5.1.2
Dell EMC recommends all customers upgrade at the earliest opportunity. For full protection, the host systems where virtual appliance is deployed must be patched as well. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system.
Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these issues until updates can be applied.
Link to Remedies:
Customers can download software and firmware updates from the following link: https://www.dell.com/support/