DSA-2019-166: Dell EMC Server Platform Security Advisory for Intel Platform Updates (2019.2)

DSA ID: DSA-2019-166

CVE Identifier: CVE-2019-11090, CVE-2019-11109, CVE-2019-0124, CVE-2019-0151, CVE-2019-0123, CVE-2019-0152, CVE-2019-11136, CVE-2019-11137, CVE-2019-11135, CVE-2019-11139

Severity: High

Severity Rating: CVSSv3 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products:
Dell EMC Servers (see Resolution section below for complete list of affected products)

Summary:
Dell EMC Servers require a security update to address vulnerabilities in Intel Server Platform Services, Software Guard Extensions, Trusted Execution Technology, UEFI BIOS, TSX and Voltage Modulation.

Details:
Updates are available to address the following security vulnerabilities.

Intel-SA-00241: Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology:
  • CVE-2019-11090, CVE-2019-11109

Intel-SA-00220, Intel-SA-00240: Intel Trusted Execution Technology (TXT)
  • CVE-2019-0124, CVE-2019-0151

Intel-SA-00220: Intel Software Guard Extensions (SGX)
  • CVE-2019-0123

Intel-SA-00240, Intel-SA-00280: Intel UEFI BIOS
  • CVE-2019-0152, CVE-2019-11136, CVE-2019-11137


Intel-SA-00270: TSX Asynchronous Abort (TAA)
  • CVE-2019-11135

Intel-SA-00271: Voltage Modulation
  • CVE-2019-11139

Customers should also review their OS vendor’s security advisory to ensure that appropriate vulnerability identification and patch/configuration measures are used in conjunction with the updates provided by Dell for the most effective mitigation.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.

Resolution:
The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.

We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

Please visit the Drivers and Downloads site for updates on the applicable products. Note that, in the following list of impacted products, those with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell Updating Firmware using Dell Update Packages (DUPs), and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.

***NOTE: BIOS version 2.4.7 has been removed from the web because of a non-security-related BIOS update issue associated with certain hardware configurations. BIOS 2.4.8 has been posted to the web. Refer to the BIOS version 2.4.8 release notes for more information.

Servers that already have BIOS version 2.4.7 installed successfully do not need to take any immediate action. We do recommend installing BIOS 2.4.8 when it becomes available.

Dell EMC Server Products Affected

| Product | BIOS Update Version (or greater) | Release Date / Expected Release Date (MM/DD/YYYY) |
| --- | --- | --- |
| R640, R740, R740XD, R940, NX3240, NX3340 | 2.4.8*** | 12/02/2019 |
| XC740XD, XC640, XC940 | | |
| R540, R440, T440, XR2 | 2.4.8*** | 12/02/2019 |
| R740XD2 | 2.4.8*** | 12/02/2019 |
| R840, R940xa | 2.4.7 | 11/12/2019 |
| T640 | 2.4.7 | 11/12/2019 |
| C6420, XC6420 | 2.4.8*** | 12/02/2019 |
| FC640, M640, M640P | 2.4.8*** | 12/02/2019 |
| MX740C | 2.4.8*** | 12/02/2019 |
| MX840C | 2.4.8*** | 12/02/2019 |
| C4140 | 2.4.8*** | 12/02/2019 |
| T140, T340, R240, R340, NX440 | 2.1.6 | 11/12/2019 |
| DSS9600, DSS9620, DS9630 | 2.4.8 | 12/16/2019 |
| R830 | 1.11.0 | 02/04/2020 |
| T130, R230, T330, R330, NX430 | 2.8.1 | 01/10/2020 |
| R930 | 2.8.1 | 02/12/2020 |
| R730, R730XD, R630 | 2.11.0 | 12/20/2019 |
| NX3330, NX3230, DSMS630, DSMS730 | | |
| XC730, XC703XD, XC630 | 2.11.0 | 12/20/2019 |
| C4130 | 2.11.0 | 12/20/2019 |
| M630, M630P, FC630 | 2.11.0 | 01/09/2020 |
| FC430 | 2.11.0 | 12/20/2019 |
| M830, M830P, FC830 | 2.11.0 | 01/06/2020 |
| T630 | 2.11.0 | 01/17/2020 |
| R530, R430, T430 | 2.11.0 | 01/10/2020 |
| XC430, XC430Xpress | | |
| C6320 | 2.11.0 | 02/04/2020 |
| XC6320 | 2.11.0 | 02/04/2020 |
| T30 | 1.1.1 | 01/14/2020 |
| DSS1500, DSS1510, DSS2500 | | |
| DSS7500 | | |
| R920 | | Mar 2020 |
| R820 | | Mar 2020 |
| R520 | | Mar 2020 |
| R420 | | Mar 2020 |
| R320, NX400 | | Mar 2020 |
| T420 | | Mar 2020 |
| T320 | | Mar 2020 |
| R220 | | Mar 2020 |
| R720, R720XD, NX3200, XC720XD | 2.9.0 | 01/09/2020 |
| R620, NX3300 | 2.9.0 | 01/09/2020 |
| M820 | | Mar 2020 |
| M620 | | Mar 2020 |
| M520 | | Mar 2020 |
| M420 | | Mar 2020 |
| T620 | | Mar 2020 |
| C5230 | | Mar 2020 |
| C6220 | | Mar 2020 |
| C6220II | | Mar 2020 |
| C8220, C8220X | | Mar 2020 |



Legal Information
Read and use the information in this Dell EMC Security Advisory to assist in avoiding a situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://www.dell.com/support/contents/category/contact-information). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.





Article ID: SLN319434

Last Date Modified: 02/13/2020 12:37 PM

