Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000135607

DSA-2019-152 Dell EMC Networking Security Update for Intel-SA-00233

Summary: Dell EMC Networking Security Notice for Intel-SA-00233

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms



CVE Identifier: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

DSA Identifier: DSA-2019-152

Severity: Medium

Severity Rating: CVSS v3 Base Score: See NVD (http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies) for individual scores for each CVE
 


Affected products: 


Dell EMC Networking (see Resolution section below for complete list of affected products)
 


Summary:
 


Dell EMC Networking products require a security update to address the Intel Microarchitectural Data Sampling Vulnerabilities.
 


Details: 


Updates are available to address the following security vulnerabilities:

Intel-SA-00233 This hyperlink is taking you to a website outside of Dell Technologies: Intel Microarchitectural Data Sampling Vulnerabilities
 
  •     CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

    For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfmThis hyperlink is taking you to a website outside of Dell Technologies  To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search This hyperlink is taking you to a website outside of Dell Technologies
     


    Resolution: 


    The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.

    There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:

    1. Apply the firmware update listed in the Dell EMC Networking Products Affected section below.
    2. Apply the applicable operating system patch. This is required to mitigate the Intel-SA-00233 This hyperlink is taking you to a website outside of Dell Technologies related vulnerabilities.

    We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

    Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell Update Package, and download the update for your Dell computer.

    Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.
     


    Additional References:


    -    Software Security Guidance for developers: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling This hyperlink is taking you to a website outside of Dell Technologies
    -    Intel Security First – MDS Page: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html This hyperlink is taking you to a website outside of Dell Technologies
    -    Intel Security Center: https://security-center.intel.com This hyperlink is taking you to a website outside of Dell Technologies
    -    AMD response to CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 (Fallout and Rogue In-Flight Data Load (RIDL)): https://www.amd.com/en/corporate/product-security  This hyperlink is taking you to a website outside of Dell Technologies
    -    VMware: https://www.vmware.com/security/advisories/VMSA-2019-0008.html  This hyperlink is taking you to a website outside of Dell Technologies
    -    Microsoft: https://support.microsoft.com/en-us/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel  This hyperlink is taking you to a website outside of Dell Technologies
    -    Red Hat: https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it This hyperlink is taking you to a website outside of Dell Technologies
    -    SuSe: https://www.suse.com/security/cve/CVE-2018-12126/ This hyperlink is taking you to a website outside of Dell Technologies
    -    Ubuntu: https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities This hyperlink is taking you to a website outside of Dell Technologies

     

     

    NOTE: Prior to installing the update, please review the installation procedure in the release notes.

     

     

    NOTE: The dates listed are estimated availability dates and are subject to change without notice.

     

     

    NOTE: The platform list for Dell EMC Networking products will be updated periodically. Please check back frequently for the most up-to-date information.

     

     

    NOTE: Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.

     

     

    NOTE: Dates below are in US format of MM/DD/YYYY.

     

     

    Dell EMC Networking Products Affected:

     

    Product

    Update Version
    (or greater)

    Release Date/

    Expected Release Date 
    (MM/YYYY)

     PowerSwitch Z9264F-ON

    Not yet available

    TBD

     PowerSwitch S5212F-ON

    Available

    10/01/2019

     PowerSwitch S5224F-ON

    Available

    10/01/2019

     PowerSwitch S5232F-ON

    Available

    10/01/2019

     PowerSwitch S5248F-ON

    Available

    10/01/2019

            PowerSwitch S5296F-ON

    Available

    10/01/2019

    VEP4600

    Available

    09/05/2019

    VEP1400

    Available

    09/05/2019
     


    Severity Rating:  


    For an explanation of Severity Ratings, refer to Dell’s Vulnerability Disclosure Policy . Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.


    Legal Information:


    Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Cause

Not Applicable

Resolution

Not Applicable

Article Properties

Affected Product

PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch Z9264F-ON, DELL NETWORKING VEP4600 16-CORE, Dell Networking VEP4600 4-CORE, DELL NETWORKING VEP4600 8-CORE

Last Published Date

13 Mar 2024

Version

6

Article Type

Solution

Back to Top