Speculative Execution Vulnerabilities CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646
Summary: Dell guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as L1 Terminal Fault or L1TF) for servers, storage, and networking products. For specific information about affected platforms and next steps to apply the updates, see this guide. ...
Symptoms
CVE ID: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Dell is aware of a recently disclosed class of CPU speculative execution vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) known collectively as "L1 Terminal Fault" (L1TF) that affect Intel microprocessors. For more information about these vulnerabilities, review the security advisory posted by Intel.
Dell is investigating the impact of these vulnerabilities on our products and is working with Intel and other industry partners to mitigate them. Mitigation steps may vary by product and may include updates to firmware, operating system, and hypervisor components.
Dell Technologies recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date antivirus and advanced threat protection solutions.
Dell EMC PowerEdge Servers / XC Hyperconverged Appliances
There are two essential components that must be applied to mitigate the above-mentioned vulnerabilities:
- The system BIOS previously released for CVE-2018-3639 and CVE-2018-3640, which contains the necessary microcode (see KB article 178082: Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell EMC PowerEdge Servers, Storage (SC Series, PS Series, and PowerVault MD Series) and Networking products). Check the Product Tables for your system.
- Operating System and Hypervisor updates.
If your product has an updated BIOS listed, Dell Technologies recommends you upgrade to that BIOS and apply the appropriate operating system updates to provide mitigation against the listed CVEs.
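Once the BIOS and operating-system updates are applied, an administrator will want to confirm that the host actually reports the mitigation. The following POSIX shell script is an added example and is not part of the Dell advisory: it reads the Linux kernel's L1TF status file (`/sys/devices/system/cpu/vulnerabilities/l1tf`, documented in the kernel's admin-guide rather than in this advisory) and classifies the status line. The status strings in the comments are constructed to follow the kernel's documented wording; the classification names are this example's own, and the `l1tf_report` exit code is an assumption chosen so the script can be dropped into a compliance check.

```shell
#!/bin/sh
# Added example, not from the Dell advisory. The sysfs path and the status
# wording follow the Linux kernel's Documentation/admin-guide/hw-vuln/l1tf.rst;
# the classification labels below are this script's own convention.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# l1tf_classify STATUS_LINE
# Prints one of: not-affected | vulnerable | mitigated |
#                mitigated-smt-exposed | mitigated-vmx-exposed | unknown
# Constructed sample inputs (kernel format):
#   "Not affected"
#   "Vulnerable"
#   "Mitigation: PTE Inversion"
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Mitigation: PTE Inversion; VMX: vulnerable"
l1tf_classify() {
    status=$1
    case "$status" in
        "Not affected"*) echo not-affected ;;
        "Vulnerable"*)   echo vulnerable ;;
        "Mitigation: PTE Inversion"*)
            # Kernel page tables are protected (PTE inversion). Whether guests
            # are protected depends on the VMX part of the line.
            case "$status" in
                *"VMX: vulnerable"*) echo mitigated-vmx-exposed ;;
                *"SMT vulnerable"*)  echo mitigated-smt-exposed ;;
                *)                   echo mitigated ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# l1tf_report [FILE]
# Reads the live sysfs status (or FILE standing in for it), prints
# "<class>: <line>", and returns 0 only when the host is fully mitigated
# or not affected; 1 when it is not; 2 when the status cannot be read.
l1tf_report() {
    file=${1:-$L1TF_SYSFS}
    if [ ! -r "$file" ]; then
        echo "unknown: $file not readable (pre-L1TF kernel or not Linux)" >&2
        return 2
    fi
    line=$(cat "$file")
    class=$(l1tf_classify "$line")
    echo "$class: $line"
    case "$class" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `l1tf_report` with no argument on a host after the BIOS and kernel updates; a `mitigated-smt-exposed` result on a hypervisor means the kernel side is patched but sibling hyperthreads can still observe guest data, which is the case the VMware and Red Hat references below address separately.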
Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
See the Product Tables for the appropriate mitigations and analysis.
Dell EMC Networking Products
See the Product Tables for the appropriate mitigations and analysis.
For information about other Dell products, see KB article 145501: Speculative Execution Side-Channel Vulnerabilities “L1 Terminal Fault” (CVE-2017-3615, CVE-2018-3620, CVE-2018-3646) impact on Dell products.
BIOS, Firmware, and Driver updates for Storage (including server leveraged storage platforms), and Networking Products
| Dell Storage Product Line | Assessment |
|---|---|
| EqualLogic PS Series | Not applicable. The CPU used in the product is not impacted by the reported issues; it is a Broadcom MIPS processor without speculative execution. |
| Dell EMC SC Series (Dell Compellent) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and running any external or untrusted code on the system. The reported issues do not introduce any additional security risk to the product. |
| Dell Storage MD3 and DSMS MD3 Series | |
| Dell PowerVault Tape Drives and Libraries | |
| Dell Storage FluidFS Series (includes FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. |
| Dell Storage Virtual Appliance | Assessment |
|---|---|
| Dell Storage Manager Virtual Appliance (DSM VA - Dell Compellent) | No additional security risk. To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| Dell Storage Integration Tools for VMware (Dell Compellent) | |
| Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) | |
| Dell Storage Product Line | Assessment |
|---|---|
| Dell Storage NX family | Impacted. See the relevant PowerEdge server information for BIOS patch information. Follow the relevant operating system vendor's recommendations for operating-system-level mitigation. |
| Dell Storage DSMS family | |
| Platforms | Assessment |
|---|---|
| C-Series - C1048P, C9010 | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. |
| M I/O Aggregator | Not Applicable. The CPU used in the products is not impacted by the reported issues. |
| MXL | |
| FX2 | |
| N11xx, N15xx, N20xx, N30xx | |
| N2128PX, N3128PX | |
| Navasota | |
| S55, S60 | |
| SIOM | |
| S-Series - Standard and -ON | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. |
| Z-Series - Standard and ON | |
Networking - Fixed Port Switches
| Platforms | Assessment |
|---|---|
| PowerConnect Series Switches | Not Applicable. The CPU used in the products is not impacted by the reported issues. |
| C9000 Series Line Cards | |
| Mellanox SB7800 Series, SX6000 Series | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. |
| Platform Software | Assessment |
|---|---|
| VM and Emulator | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| OS10.4.0 and earlier, Base and Enterprise | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. |
| OS10.4.1 Base and Enterprise | |
| OS9 All Versions | Not Applicable. The operating system is not vulnerable to this attack. |
| Platform | Assessment |
|---|---|
| W-Series | Not Applicable. The CPU used in the products is not impacted by the reported issues. |
| Wireless Appliances: | |
| W-Airwave | No Additional Security Risk. To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection. |
| W-ClearPass Hardware Appliances | |
| W-ClearPass Virtual Appliances | |
| W-ClearPass 100 Software | Not Applicable. The software operates in a virtual environment. Customers are advised to update the virtual host environment where the product is deployed. |
External references
- Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018
- Red Hat: https://access.redhat.com/security/vulnerabilities/L1TF
- SuSE: https://www.suse.com/c/suse-addresses-the-l1-terminal-fault-issue/
- Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
- VMware: https://kb.vmware.com/kb/55636