DSA-2019-166: Dell EMC Server Platform Security Advisory for Intel Platform Updates (2019.2)



DSA ID: DSA-2019-166

CVE Identifier: CVE-2019-11090, CVE-2019-11109, CVE-2019-0124, CVE-2019-0151, CVE-2019-0123, CVE-2019-0152, CVE-2019-11136, CVE-2019-11137, CVE-2019-11135, CVE-2019-11139

Severity: High

Severity Rating: CVSSv3 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products:
Dell EMC Servers (see Resolution section below for complete list of affected products)

Summary:
Dell EMC Servers require a security update to address vulnerabilities in Intel Server Platform Services, Software Guard Extensions, Trusted Execution Technology, UEFI BIOS, TSX and Voltage Modulation.

Details:
Updates are available to address the following security vulnerabilities.

Intel-SA-00241: Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology:
  • CVE-2019-11090, CVE-2019-11109

Intel-SA-00220: Intel Trusted Execution Technology (TXT)
Intel-SA-00240
  • CVE-2019-0124, CVE-2019-0151

Intel-SA-00220: Intel Software Guard Extensions (SGX)
  • CVE-2019-0123

Intel-SA-00240: Intel UEFI BIOS
Intel-SA-00280
  • CVE-2019-0152, CVE-2019-11136, CVE-2019-11137


Intel-SA-00270: TSX Asynchronous Abort (TAA)
  • CVE-2019-11135

Intel-SA-00271: Voltage Modulation
  • CVE-2019-11139

Customers should also review their OS vendor’s Security Advisory to ensure that appropriate vulnerability identification and patch/configuration measures are used in conjunction with the updates provided by Dell for the most effective mitigation.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.

Resolution:
The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.

We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

Please visit the Drivers and Downloads site for updates on the applicable products. Note: in the following list of impacted products, those with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article "Dell Updating Firmware using Dell Update Packages (DUP’s)", and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.

***NOTE: BIOS version 2.4.7 has been removed from the web because of a non-security-related BIOS update issue associated with certain hardware configurations. BIOS 2.4.8 has been web posted. Refer to the BIOS version 2.4.8 release notes for more information.

Servers that already have BIOS version 2.4.7 installed successfully do not need to take any immediate action. We do recommend installing BIOS 2.4.8 when it becomes available.

Dell EMC Server Products Affected

| Product | BIOS Update Version (or greater) | Release Date / Expected Release Date (MM/DD/YYYY) |
|---|---|---|
| R640, R740, R740XD, R940, NX3240, NX3340 | 2.4.8*** | 12/2/19 |
| XC740XD, XC640, XC940 | | |
| R540, R440, T440, XR2 | 2.4.8*** | 12/2/19 |
| R740XD2 | 2.4.8*** | 12/2/19 |
| R840, R940xa | 2.4.7 | 11/12/19 |
| T640 | 2.4.7 | 11/12/19 |
| C6420, XC6420 | 2.4.8*** | 12/2/19 |
| FC640, M640, M640P | 2.4.8*** | 12/2/19 |
| MX740C | 2.4.8*** | 12/2/19 |
| MX840C | 2.4.8*** | 12/2/19 |
| C4140 | 2.4.8*** | 12/2/19 |
| T140, T340, R240, R340, NX440 | 2.1.6 | 11/12/19 |
| DSS9600, DSS9620, DS9630 | | |
| R830 | | Feb 2020 |
| T130, R230, T330, R330, NX430 | | Feb 2020 |
| R930 | | Feb 2020 |
| R730, R730XD, R630 | 2.11.0 | 12/20/19 |
| NX3330, NX3230, DSMS630, DSMS730 | | |
| XC730, XC703XD, XC630 | | |
| C4130 | 2.11.0 | 12/20/19 |
| M630, M630P, FC630 | | |
| FC430 | 2.11.0 | 12/20/19 |
| M830, M830P, FC830 | 2.11.0 | 01/06/20 |
| T630 | | Feb 2020 |
| R530, R430, T430 | | Feb 2020 |
| XC430, XC430Xpress | | |
| R530XD | | Feb 2020 |
| C6320 | | Feb 2020 |
| XC6320 | | |
| T30 | | Jan 2020 |
| DSS1500, DSS1510, DSS2500 | | |
| DSS7500 | | |
| R920 | | Feb 2020 |
| R820 | | Feb 2020 |
| R520 | | Feb 2020 |
| R420 | | Feb 2020 |
| R320, NX400 | | Feb 2020 |
| T420 | | Feb 2020 |
| T320 | | Feb 2020 |
| R220 | | Feb 2020 |
| R720, R720XD, NX3200, XC720XD | | Jan 2020 |
| R620, NX3300 | | Jan 2020 |
| M820 | | Feb 2020 |
| M620 | | Feb 2020 |
| M520 | | Feb 2020 |
| M420 | | Feb 2020 |
| T620 | | Feb 2020 |
| C5230 | | Feb 2020 |
| C6220 | | Feb 2020 |
| C6220II | | Feb 2020 |
| C8220, C8220X | | Feb 2020 |



Legal Information
Read and use the information in this Dell EMC Security Advisory to assist in avoiding a situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://www.dell.com/support/contents/category/contact-information). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.





Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN319434

Last Date Modified: 01/13/2020 02:29 PM

