Speculative Execution Side-Channel Vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646): Impact on Dell EMC PowerEdge Servers, Storage (SC, PS, and PowerVault MD) and Networking products

Speculative Execution Side-Channel Vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646): Impact on Dell EMC PowerEdge Servers, Storage (SC, PS, and PowerVault MD) and Networking products


2018-08-31

CVE ID: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Dell is aware of a recently disclosed class of CPU speculative execution vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) known collectively as "L1 Terminal Fault" (L1TF) that affect Intel microprocessors. For more information on these vulnerabilities, please review the security advisory posted by Intel.

Dell is investigating the impact of these vulnerabilities on our products and we are working with Intel and other industry partners to mitigate these vulnerabilities. Mitigation steps may vary by product and may include updates to firmware, operating system, and hypervisor components.

Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

Dell EMC PowerEdge Servers/ XC Hyper-converged Appliances

There are two essential components that need to be applied to mitigate the above mentioned vulnerabilities:

1. System BIOS was previously released for CVE-2018-3639 and CVE-2018-3640 which contains the necessary microcode. Please check those Product Tables for your system.

2. Operating System & Hypervisor updates.


If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against the listed CVEs.

Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
Please see the Product Tables for the appropriate mitigations and analysis.

Dell EMC Networking Products
Please see the Product Tables for the appropriate mitigations and analysis.

For information on other Dell products, please see https://www.dell.com/support/article/sln318303.



BIOS/Firmware/Driver updates for Storage (including server leveraged storage platforms), and Networking Products


Dell Storage Product Line
Assessment
EqualLogic PS Series Not applicable.
CPU used in the product is not impacted by reported issues. CPU used is Broadcom MIPS processor without speculative execution.
Dell EMC SC Series (Compellent) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and executing any external and/or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.
Dell Storage MD3 and DSMS MD3 Series
Dell PowerVault Tape Drives & Libraries
Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect the access of highly privileged account are followed.
Dell Storage Virtual Appliance
Assessment
Dell Storage Manager Virtual Appliance (DSM VA - Compellent) No additional security risk.
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external and/or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided the recommended best practices to protect the access of highly privileged account are followed. Customers are strongly advised to patch the virtual host environment where the product is deployed for full protection.
Dell Storage Integration tools for VMWare (Compellent)
Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic)
Dell Storage Product Line
Assessment
Dell Storage NX family Impacted.
See relevant PowerEdge Server information for BIOS patch information. Follow relevant operating system vendor recommendations for OS level mitigation.
Dell Storage DSMS family

Platforms Assessment
C-Series - C1048P, C9010 No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed.
M I/O Aggregator Not Applicable.
The CPU used in the products are not impacted by the reported issues.
MXL
FX2
N11xx, N15xx, N20xx, N30xx
N2128PX, N3128PX
Navasota
S55, S60
SIOM
S-Series - Standard and -ON No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed.
Z-Series - Standard and ON
Networking - Fixed Port Switches
Platforms Assessment
PowerConnect Series Switches Not Applicable.
The CPU used in the products are not impacted by the reported issues.
C9000 Series Line Cards
Mellanox SB7800 Series, SX6000 Series No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed.
Platform Software Assessment
VM and Emulator No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed. Customers are advised to patch the virtual host environment where the product is deployed for full protection.
OS10.4.0 and earlier Base and Enterprise No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed.
OS10.4.1 Base and Enterprise
OS9 All Versions Not Applicable.
The OS is not vulnerable to this attack.
Platform Assessment
W-Series Not Applicable.
The CPU used in the products are not impacted by the reported issues.
Wireless Appliances:
W-Airwave No Additional Security Risk.
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, provided that the recommended best security practices to protect access to highly privileged accounts are followed. Customers are advised to patch the virtual host environment where the product is deployed for full protection.
W-ClearPass Hardware Appliances
W-ClearPass Virtual Appliances
W-ClearPass 100 Software Not Applicable.
The Software operates in a Virtual Environment. Customers are strongly advised to patch the virtual host environment where the product is deployed.


External references




Need more help?
Find additional PowerEdge and PowerVault articles
Watch Part Replacement Videos for Enterprise products

Visit and ask for support in our Communities

Create an online support Request




Article ID: SLN313494

Last Date Modified: 11/13/2019 12:52 PM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.