Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell EMC PowerEdge Servers, Storage (SC Series, PS Series, and PowerVault MD Series) and Networking products

2018-08-017

CVE ID: CVE-2018-3639, CVE-2018-3640

Dell EMC is aware of the side-channel vulnerabilities CVE-2018-3639 (also known as Speculative Store Bypass) and CVE-2018-3640 (also known as Rogue System Register Read), published by Google Project Zero and the Microsoft Security Response Center on May 21, 2018, which affect many modern microprocessors. An unprivileged attacker with local user access to the system could potentially exploit these vulnerabilities to read privileged memory data. For more information, please review the security updates posted by Intel.

Dell EMC is investigating the impact of these issues on our products. We will update this article regularly with impact details and mitigation steps as they become available. Mitigation steps may vary by product and may require updates to processor microcode (BIOS), Operating System (OS), Virtual Machine Manager (VMM), and other software components.

Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

Dell EMC PowerEdge Servers

There are two essential components that must both be applied to mitigate the above-mentioned vulnerabilities:
1. System BIOS, at or above the version listed in the tables below.
2. Operating System and hypervisor updates.

The Product Tables have been updated and will be updated as microcode is released by Intel. If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against the listed CVEs.
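The following is an added example, not Dell's code, that checks a host against both components the advisory requires: the installed BIOS against a subset of the minimum versions from the tables below, and the Linux kernel's reported Speculative Store Bypass mitigation status. The model names, installed versions and sysfs line are constructed sample inputs; on a real Linux host they would come from `dmidecode -s system-product-name`, `dmidecode -s bios-version` and `/sys/devices/system/cpu/vulnerabilities/spec_store_bypass`.

```python
"""Added example (not Dell's code): check a PowerEdge host against the two
mitigation components in this advisory, minimum BIOS plus an OS mitigation.
Inputs are constructed samples, not captured from a real host."""
import re

# Subset of the advisory's PowerEdge tables: model -> minimum BIOS version.
MIN_BIOS = {
    "PowerEdge R740": "1.4.8", "PowerEdge R640": "1.4.8", "PowerEdge R840": "1.1.3",
    "PowerEdge C6420": "1.4.9", "PowerEdge R730": "2.8.0", "PowerEdge R630": "2.8.0",
    "PowerEdge R720": "2.7.0", "PowerEdge R710": "6.6.0", "PowerEdge T20": "A18",
    "PowerEdge NX3000": "In Process",
}

def version_key(version):
    """Comparable key: numeric runs sort as ints, letter runs as strings, so
    "1.4.10" > "1.4.8" and "A18" > "A17"; a numeric string never ranks above
    a lettered one, so a format mismatch is flagged rather than passed."""
    return [(0, int(p)) if p.isdigit() else (1, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]

def bios_status(model, installed):
    """'fixed', 'needs-update', 'no-fix-yet' (table says In Process) or 'not-listed'."""
    required = MIN_BIOS.get(model)
    if required is None:
        return "not-listed"
    if required.lower() == "in process":
        return "no-fix-yet"
    return "fixed" if version_key(installed) >= version_key(required) else "needs-update"

def ssb_status(sysfs_line):
    """Classify the kernel's spec_store_bypass line; BIOS microcode alone does
    not mitigate CVE-2018-3639, the OS must report a mitigation as well."""
    line = sysfs_line.strip()
    if line.startswith("Not affected"):
        return "not-affected"
    if line.startswith("Mitigation:"):
        return "mitigated"
    return "vulnerable"

def assess(model, installed, sysfs_line):
    """Both components from the advisory, evaluated together."""
    return {"bios": bios_status(model, installed), "os": ssb_status(sysfs_line)}

if __name__ == "__main__":  # constructed sample host, not a captured one
    print(assess("PowerEdge R740", "1.3.7", "Vulnerable"))
    print(assess("PowerEdge R740", "1.4.10",
                 "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"))
```

A host is only covered when the result reports both `"bios": "fixed"` and `"os": "mitigated"` (or `"not-affected"`).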

Dell EMC XC Series Hyper-converged Appliances
Please see PowerEdge Server Product Tables.

Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
Please see the Product Tables for the appropriate mitigations and analysis.

Dell EMC Networking Products
Please see the Product Tables for the appropriate mitigations and analysis.

For information on other Dell products, please see: http://dell.com/support/speculative-store-bypass.

Note: The tables below list products for which there is available BIOS/Firmware/Driver guidance. This information will be updated as additional information is available. If you do not see your platform, please check later.

The Server BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.

These are the minimum required BIOS versions.

BIOS/Firmware/Driver updates for PowerEdge Server, Storage (including server leveraged storage platforms), and Networking Products


| Dell Storage Product Line | Assessment |
|---|---|
| EqualLogic PS Series | Not applicable. The CPU used in the product is not impacted by the reported issues: it is a Broadcom MIPS processor without speculative execution. |
| Dell EMC SC Series (Compellent); Dell Storage MD3 and DSMS MD3 Series; Dell PowerVault Tape Drives & Libraries | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices for protecting access to highly privileged accounts are followed. |

| Dell Storage Virtual Appliance | Assessment |
|---|---|
| Dell Storage Manager Virtual Appliance (DSM VA - Compellent); Dell Storage Integration tools for VMWare (Compellent); Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices for protecting access to highly privileged accounts are followed. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. |

| Dell Storage Product Line | Assessment |
|---|---|
| Dell Storage NX family; Dell Storage DSMS family | Impacted. See the relevant PowerEdge Server information for BIOS patch information. Follow the relevant operating system vendor recommendations for OS-level mitigation. |


Systems Management for PowerEdge Server Products

| Component | Assessment |
|---|---|
| iDRAC: 14G, 13G, 12G, 11G | Not impacted. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Chassis Management Controller (CMC): 14G, 13G, 12G, 11G | Not impacted. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Generation | Models | BIOS version |
|---|---|---|
| 14G | R740, R740XD, R640, R940, XC740XD, XC640, XC940 | 1.4.8 |
| 14G | R840, R940xa | 1.1.3 |
| 14G | R540, R440, T440, XR2 | 1.4.8 |
| 14G | T640 | 1.4.8 |
| 14G | C6420, XC6420 | 1.4.9 |
| 14G | FC640, M640, M640P | 1.4.8 |
| 14G | C4140 | 1.2.10 |

| Generation | Models | BIOS version |
|---|---|---|
| 13G | R830 | 1.8.0 |
| 13G | T130, R230, T330, R330, NX430 | 2.5.0 |
| 13G | R930 | 2.5.2 |
| 13G | R730, R730XD, R630, NX3330, NX3230, DSMS630, DSMS730, XC730, XC703XD, XC630 | 2.8.0 |
| 13G | C4130 | 2.8.0 |
| 13G | M630, M630P, FC630 | 2.8.0 |
| 13G | FC430 | 2.8.0 |
| 13G | M830, M830P, FC830 | 2.8.0 |
| 13G | T630 | 2.8.0 |
| 13G | R530, R430, T430, XC430, XC430Xpress | 2.8.0 |
| 13G | R530XD | 1.8.0 |
| 13G | C6320, XC6320 | 2.8.0 |
| 13G | T30 | 1.0.14 |

| Generation | Models | BIOS version |
|---|---|---|
| 12G | R920 | 1.8.0 |
| 12G | R820 | 2.5.0 |
| 12G | R520 | 2.6.0 |
| 12G | R420 | 2.6.0 |
| 12G | R320, NX400 | 2.6.0 |
| 12G | T420 | 2.6.0 |
| 12G | T320 | 2.6.0 |
| 12G | R220 | 1.10.3 |
| 12G | R720, R720XD, NX3200, XC72XD | 2.7.0 |
| 12G | R620, NX3300 | 2.7.0 |
| 12G | M820 | 2.7.0 |
| 12G | M620 | 2.7.0 |
| 12G | M520 | 2.7.0 |
| 12G | M420 | 2.7.0 |
| 12G | T620 | 2.7.0 |
| 12G | T20 | A18 |
| 12G | C5230 | 1.4.0 |
| 12G | C6220 | 2.5.6 |
| 12G | C6220II | 2.9.0 |
| 12G | C8220, C8220X | 2.9.0 |

| Generation | Models | BIOS version |
|---|---|---|
| 11G | R710 | 6.6.0 |
| 11G | NX3000 | In Process |
| 11G | R610 | 6.6.0 |
| 11G | T610 | 6.6.0 |
| 11G | R510 | 1.14.0 |
| 11G | NX3100 | In Process |
| 11G | R410 | 1.14.0 |
| 11G | NX300 | In Process |
| 11G | T410 | 1.14.0 |
| 11G | R310 | 1.14.0 |
| 11G | T310 | 1.14.0 |
| 11G | NX200 | In Process |
| 11G | T110 | 1.12.0 |
| 11G | T110-II | 2.10.0 |
| 11G | R210 | 1.12.0 |
| 11G | R210-II | 2.10.0 |
| 11G | R810 | 2.11.0 |
| 11G | R910 | 2.12.0 |
| 11G | T710 | 6.6.0 |
| 11G | M610, M610X | 6.6.0 |
| 11G | M710 | 6.6.0 |
| 11G | M710HD | 8.3.1 |
| 11G | M910 | 2.12.0 |
| 11G | C1100 | 3B25 |
| 11G | C2100 | In Process |
| 11G | C5220 | 2.3.0 |
| 11G | C6100 | 1.81 |

| Models | BIOS version |
|---|---|
| DSS9600, DSS9620, DSS9630 | 1.4.9 |
| DSS1500, DSS1510, DSS2500 | 2.8.0 |
| DSS7500 | 2.8.0 |

| Models | BIOS/Firmware/Driver version |
|---|---|
| OS10 Basic VM | In process |
| OS10 Enterprise VM | In process |
| S OS-Emulator | In process |
| Z OS-Emulator | In process |
| S3048-ON OS10 Basic | In process |
| S4048-ON OS10 Basic | In process |
| S4048T-ON OS10 Basic | In process |
| S6000-ON OS Basic | In process |
| S6010-ON OS10 Basic | In process |
| Z9100 OS10 Basic | In process |

Networking - Fixed Port Switches

| Platforms | BIOS/Firmware/Driver version |
|---|---|
| Mellanox SB7800 Series, SX6000 Series | In process |

| Models | BIOS/Firmware/Driver version |
|---|---|
| W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651 | In process |
| W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205 | In process |
| W-AP103, W-AP103H, W-AP105, W-AP114, W-AP115, W-AP124, W-AP125, W-AP134, W-AP135, W-AP175 | In process |
| W-AP204, W-AP205, W-AP214, W-AP215, W-AP224, W-AP225, W-AP274, W-AP275 | In process |
| W-AP68, W-AP92, W-AP93, W-AP93H | In process |
| W-IAP103, W-IAP104, W-IAP105, W-IAP108, W-IAP109, W-IAP114, W-IAP115, W-IAP134, W-IAP135 | In process |
| W-IAP155, W-IAP155P, W-IAP175P, W-IAP175AC, W-IAP204, W-IAP205, W-IAP214, W-IAP215 | In process |
| W-IAP-224, W-IAP225, W-IAP274, W-IAP275, W-IAP3WN, W-IAP3P, W-IAP92, W-IAP93 | In process |
| W-Series Access Points - 205H, 207, 228, 277, 304, 305, 314, 315, 324, 325, 334, 335 | In process |
| W-Series Controller AOS | In process |
| W-Series FIPS | In process |

| Models | BIOS/Firmware/Driver version |
|---|---|
| W-Airwave | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass Hardware Appliances | In process |
| W-ClearPass Virtual Appliances | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass 100 Software | In process |



Article ID: SLN309851

Last Date Modified: 09/14/2018 10:15 AM
