Article Number: 000137307
CVE ID: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Dell is aware of a recently disclosed class of CPU speculative execution vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) known collectively as "L1 Terminal Fault" (L1TF) that affect Intel microprocessors. For more information about these vulnerabilities, review the security advisory posted by Intel.
Dell is investigating the impact of these vulnerabilities on our products, and we are working with Intel and other industry partners to mitigate these vulnerabilities. Mitigation steps may vary by product and may include updates to firmware, operating system, and hypervisor components.
Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
Dell EMC PowerEdge Servers/ XC Hyperconverged Appliances
There are two essential components that must be applied to mitigate the above mentioned vulnerabilities:
If your product has an updated BIOS listed, Dell recommends you upgrade to that BIOS and apply the appropriate operating system updates to provide mitigation against the listed CVEs.
Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
See the Product Tables for the appropriate mitigations and analysis.
Dell EMC Networking Products
See the Product Tables for the appropriate mitigations and analysis.
For information about other Dell products, see KB article 145501: Speculative Execution Side-Channel Vulnerabilities “L1 Terminal Fault” (CVE-2017-3615, CVE-2018-3620, CVE-2018-3646) impact on Dell products.
|
Dell Storage Product Line
|
Assessment
|
| EqualLogic PS Series | Not applicable The CPU used in the product is not impacted by the reported issues. CPU used is Broadcom MIPS processor without speculative execution. |
| Dell EMC SC Series (Dell Compellent) | No additional security risk To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and running any external or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Dell Storage MD3 and DSMS MD3 Series | |
| Dell PowerVault Tape Drives and Libraries | |
| Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | No additional security risk To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect the access of highly privileged accounts are followed. |
|
Dell Storage Virtual Appliance
|
Assessment
|
| Dell Storage Manager Virtual Appliance (DSM VA - Dell Compellent) | No additional security risk To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect the access of highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| Dell Storage Integration tools for VMware (Dell Compellent) | |
| Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) |
|
Dell Storage Product Line
|
Assessment
|
| Dell Storage NX family | Impacted. See relevant PowerEdge Server information for BIOS patch information. Follow relevant operating system vendor recommendations for operating system level mitigation. |
| Dell Storage DSMS family |
| Platforms | Assessment |
| C-Series - C1048P, C9010 | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. |
| M I/O Aggregator | Not Applicable The CPU used in the products is not impacted by the reported issues. |
| MXL | |
| FX2 | |
| N11xx, N15xx, N20xx, N30xx | |
| N2128PX, N3128PX | |
| Navasota | |
| S55, S60 | |
| SIOM | |
| S-Series - Standard and -ON | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. |
| Z-Series - Standard and ON |
| Platforms | Assessment |
| PowerConnect Series Switches | Not Applicable The CPU used in the products is not impacted by the reported issues. |
| C9000 Series Line Cards | |
| Mellanox SB7800 Series, SX6000 Series | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. |
| Platform Software | Assessment |
| VM and Emulator | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| OS10.4.0 and earlier Base and Enterprise | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. |
| OS10.4.1 Base and Enterprise | |
| OS9 All Versions | Not Applicable The operating system is not vulnerable to this attack. |
| Platform | Assessment |
| W-Series | Not Applicable. The CPU used in the products is not impacted by the reported issues. |
| Wireless Appliances: | |
| W-Airwave | No Additional Security Risk To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| W-ClearPass Hardware Appliances | |
| W-ClearPass Virtual Appliances | |
| W-ClearPass 100 Software | Not Applicable The Software operates in a Virtual Environment. Customers are advised to update the virtual host environment where the product is deployed. |
07 Oct 2021
5
Solution