Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell EMC PowerEdge Servers, Storage (SC Series, PS Series, and PowerVault MD Series) and Networking products
Summary: Dell EMC guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as Speculative Store Bypass and Rogue System Register Read) for servers, storage and networking products. For specific information on affected platforms and next steps to apply the updates, please refer to this guide. ...
Symptoms
2018-11-09
CVE ID: CVE-2018-3639, CVE-2018-3640
Dell EMC is aware of the side-channel vulnerabilities described in CVE-2018-3639 (also known as Speculative Store Bypass) and CVE-2018-3640 (also known as Rogue System Register Read) affecting many modern microprocessors that were published by Google Project Zero and the Microsoft Security Response Center on May 21, 2018. An unprivileged attacker with local user access to the system could potentially exploit these vulnerabilities to read privileged memory data. For more information, please review security updates posted by Intel.
Dell EMC is investigating the impact of these issues on our products. We will update this article regularly with impact details and mitigation steps as they become available. Mitigation steps may vary by product and may require updates to processor microcode (BIOS), Operating System (OS), Virtual Machine Manager (VMM), and other software components.
Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
Dell EMC PowerEdge Servers
There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:
The Product Tables have been updated and will continue to be updated as microcode is released by Intel. If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against the listed CVEs.
Dell EMC XC Series Hyper-converged Appliances
Please see PowerEdge Server Product Tables.
Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
Please see the Product Tables for the appropriate mitigations and analysis.
Dell EMC Networking Products
Please see the Product Tables for the appropriate mitigations and analysis.
For information on other Dell products, please see: Speculative Store ByPass (CVE-2018-3639, CVE-2018-3640) impact on Dell products.
Note: The tables below list products for which there is available BIOS/Firmware/Driver guidance. This information will be updated as additional information is available. If you do not see your platform, please check later.
The Server BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.
These are the minimum required BIOS versions.
BIOS/Firmware/Driver updates for PowerEdge Server, Storage (including server leveraged storage platforms), and Networking Products
| Dell Storage Product Line | Assessment |
| EqualLogic PS Series | Not applicable. CPU used in the product is not impacted by reported issues. CPU used is Broadcom MIPS processor without speculative execution. |
| Dell EMC SC Series (Compellent) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Dell Storage MD3 and DSMS MD3 Series | |
| Dell PowerVault Tape Drives & Libraries | |
| Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect access to highly privileged accounts are followed. |
| Dell Storage Virtual Appliance | Assessment |
| Dell Storage Manager Virtual Appliance (DSM VA - Compellent) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect access to highly privileged accounts are followed. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection. |
| Dell Storage Integration tools for VMware (Compellent) | |
| Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) | |
| Dell Storage Product Line | Assessment |
| Dell Storage NX family | Impacted. See relevant PowerEdge Server information for BIOS patch information. Follow relevant operating system vendor recommendations for OS level mitigation. |
| Dell Storage DSMS family | |
Systems Management for PowerEdge Server Products
| Component | Assessment |
| iDRAC: 14G, 13G, 12G, 11G | Not impacted. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Chassis Management Controller (CMC): 14G, 13G, 12G, 11G | Not impacted. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Generation | Models | BIOS version |
| 13G | R830 | 1.8.0 |
| 13G | T130, R230, T330, R330, NX430 | 2.5.0 |
| 13G | R930 | 2.5.2 |
| 13G | R730, R730XD, R630, NX3330, NX3230, DSMS630, DSMS730, XC730, XC703XD, XC630 | 2.8.0 |
| 13G | C4130 | 2.8.0 |
| 13G | M630, M630P, FC630 | 2.8.0 |
| 13G | FC430 | 2.8.0 |
| 13G | M830, M830P, FC830 | 2.8.0 |
| 13G | T630 | 2.8.0 |
| 13G | R530, R430, T430, XC430, XC430Xpress | 2.8.0 |
| 13G | R530XD | 1.8.0 |
| 13G | C6320, XC6320 | 2.8.0 |
| 13G | T30 | 1.0.14 |
| Generation | Models | BIOS version |
| 12G | R920 | 1.8.0 |
| 12G | R820 | 2.5.0 |
| 12G | R520 | 2.6.0 |
| 12G | R420 | 2.6.0 |
| 12G | R320, NX400 | 2.6.0 |
| 12G | T420 | 2.6.0 |
| 12G | T320 | 2.6.0 |
| 12G | R220 | 1.10.3 |
| 12G | R720, R720XD, NX3200, XC72XD | 2.7.0 |
| 12G | R620, NX3300 | 2.7.0 |
| 12G | M820 | 2.7.0 |
| 12G | M620 | 2.7.0 |
| 12G | M520 | 2.7.0 |
| 12G | M420 | 2.7.0 |
| 12G | T620 | 2.7.0 |
| 12G | T20 | A18 |
| 12G | C5230 | 1.4.0 |
| 12G | C6220 | 2.5.6 |
| 12G | C6220II | 2.9.0 |
| 12G | C8220, C8220X | 2.9.0 |
| Generation | Models | BIOS version |
| 11G | R710 | 6.6.0 |
| 11G | NX3000 | 6.6.0*** |
| 11G | R610 | 6.6.0 |
| 11G | T610 | 6.6.0 |
| 11G | R510 | 1.14.0 |
| 11G | NX3100 | 1.14.0*** |
| 11G | R410 | 1.14.0 |
| 11G | NX300 | 1.14.0*** |
| 11G | T410 | 1.14.0 |
| 11G | R310 | 1.14.0 |
| 11G | T310 | 1.14.0 |
| 11G | NX200 | 1.14.0*** |
| 11G | T110 | 1.12.0 |
| 11G | T110-II | 2.10.0 |
| 11G | R210 | 1.12.0 |
| 11G | R210-II | 2.10.0 |
| 11G | R810 | 2.11.0 |
| 11G | R910 | 2.12.0 |
| 11G | T710 | 6.6.0 |
| 11G | M610, M610X | 6.6.0 |
| 11G | M710 | 6.6.0 |
| 11G | M710HD | 8.3.1 |
| 11G | M910 | 2.12.0 |
| 11G | C1100 | 3B25 |
| 11G | C2100 | In Process |
| 11G | C5220 | 2.3.0 |
| 11G | C6100 | 1.81 |
***Only update the BIOS using the Non-Packaged update on the 11G NX series platforms.
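
The following check is an added example, not Dell EMC code: it compares a host inventory against a subset of the minimum BIOS versions from the tables above, comparing dotted versions numerically and flagging non-dotted schemes for manual review. The inventory (hostnames, installed versions, the `R999` model) is constructed and the function names are hypothetical.

```python
import re

# Minimum BIOS versions copied from the tables above (subset; extend as needed).
MIN_BIOS = {
    "R730": "2.8.0", "R830": "1.8.0", "R220": "1.10.3", "R710": "6.6.0",
    "T20": "A18", "C1100": "3B25",  # these two use a non-dotted scheme
}

_DOTTED = re.compile(r"\d+(\.\d+)+")

def parse_version(text):
    """Return a tuple of ints for dotted versions, or None for other schemes."""
    text = text.strip().rstrip("*")  # drop the tables' *** footnote marker
    if not _DOTTED.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def bios_status(model, installed):
    """Classify a host as 'ok', 'update', 'manual-review' or 'unknown-model'."""
    minimum = MIN_BIOS.get(model)
    if minimum is None:
        return "unknown-model"
    have, need = parse_version(installed), parse_version(minimum)
    if have is None or need is None:
        # Values such as A18 or 3B25 cannot be ordered numerically.
        return "manual-review"
    # Pad so 2.8 equals 2.8.0; int tuples order 1.10.3 above 1.9.0,
    # which a plain string comparison gets wrong.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "ok" if have >= need else "update"

def audit(inventory):
    """inventory: iterable of (hostname, model, installed_bios) tuples."""
    return {host: bios_status(model, bios) for host, model, bios in inventory}

# Constructed inventory for illustration; hosts, versions and R999 are made up.
SAMPLE = [
    ("db01", "R730", "2.7.1"),
    ("db02", "R730", "2.10.5"),
    ("web01", "R220", "1.9.0"),
    ("old01", "T20", "A15"),
    ("lab01", "R999", "1.0.0"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```
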
| Models | BIOS/Firmware/Driver version |
| OS10 Basic VM | In process |
| OS10 Enterprise VM | In process |
| S OS-Emulator | In process |
| Z OS-Emulator | In process |
| S3048-ON OS10 Basic | In process |
| S4048-ON OS10 Basic | In process |
| S4048T-ON OS10 Basic | In process |
| S6000-ON OS Basic | In process |
| S6010-ON OS10 Basic | In process |
| Z9100 OS10 Basic | In process |
Networking - Fixed Port Switches
| Platforms | BIOS/Firmware/Driver version |
| Mellanox SB7800 Series, SX6000 Series | In process |
| Models | BIOS/Firmware/Driver version |
| W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651 | In process |
| W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205 | In process |
| W-AP103, W-AP103H, W-AP105, W-AP114, W-AP115, W-AP124, W-AP125, W-AP134, W-AP135, W-AP175 | In process |
| W-AP204, W-AP205, W-AP214, W-AP215, W-AP224, W-AP225, W-AP274, W-AP275 | In process |
| W-AP68, W-AP92, W-AP93, W-AP93H | In process |
| W-IAP103, W-IAP104, W-IAP105, W-IAP108, W-IAP109, W-IAP114, W-IAP115, W-IAP134, W-IAP135 | In process |
| W-IAP155, W-IAP155P, W-IAP175P, W-IAP175AC, W-IAP204, W-IAP205, W-IAP214, W-IAP215 | In process |
| W-IAP-224, W-IAP225, W-IAP274, W-IAP275, W-IAP3WN, W-IAP3P, W-IAP92, W-IAP93 | In process |
| W-Series Access Points - 205H, 207, 228, 277, 304, 305, 314, 315, 324, 325, 334, 335 | In process |
| W-Series Controller AOS | In process |
| W-Series FIPS | In process |
| Models | BIOS/Firmware/Driver version |
| W-Airwave | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass Hardware Appliances | In process |
| W-ClearPass Virtual Appliances | In Process - Ensure Hypervisor has appropriate patches. |
| W-ClearPass 100 Software | In process |
External references
- Intel Security Advisory - Intel-SA-00115: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
- Microsoft - ADV180012, CVE-2018-3639: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
- Microsoft - ADV180013, CVE-2018-3640: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013
- Microsoft Security Research and Defense blog: https://aka.ms/sescsrdssb
- Developer Guidance for Speculative Store Bypass: https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution
- Microsoft Azure Reliability site: https://aka.ms/azurereliability
- VMware: https://www.vmware.com/security/advisories/VMSA-2018-0012.html
- SUSE: https://www.suse.com/support/kb/doc/?id=7022937
- Red Hat: https://access.redhat.com/security/vulnerabilities/ssbd
- Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4
Affected Products
Networking, Datacenter Scalable Solutions, PowerEdge, C Series, Entry Level & Midrange, Compellent (SC, SCv & FS Series), Legacy Storage Models
Article Properties
Article Number: 000178082
Article Type: Solution
Last Modified: 30 Aug 2023
Version: 7