Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell Technologies Servers, Storage, and Networking
Summary: Dell Technologies guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as Meltdown and Spectre) for servers, storage, and networking products. For specific information about affected platforms and next steps to apply the updates, see this guide. ...
Symptoms
CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Dell Technologies is aware of the side-channel analysis vulnerabilities (also known as Meltdown and Spectre) affecting many modern microprocessors that were publicly described by a team of security researchers on January 3, 2018. We encourage customers to review the Security Advisories in the References section for more information.
Dell Technologies has received a new microcode from Intel per their advisory that was issued on January 22. Dell Technologies is issuing new BIOS updates for the affected platforms to address Spectre (Variant 2), CVE-2017-5715. The Product Tables have been updated and will be updated as more microcode is released by Intel. If your product has an updated BIOS listed, Dell Technologies recommends you upgrade to that BIOS and apply the appropriate operating system updates to provide mitigation against Meltdown and Spectre.
If your product does not have an updated BIOS listed, Dell Technologies still advises that customers should not deploy the previously released BIOS updates and should wait for the updated version.
If you have already deployed a BIOS update that could have issues according to Intel's January 22 advisory, you can revert to a previous BIOS version to avoid unpredictable system behavior. See the tables below.
As a reminder, the Operating System patches are not impacted and still provide mitigation to Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
There are two essential components that must be applied to mitigate the above-mentioned vulnerabilities:
- System BIOS as per Tables below
- Operating System and Hypervisor updates.
Dell Technologies recommends that customers follow general security best practices for malware protection to protect against possible exploitation of these analysis methods until any future updates can be applied. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, protecting access to privileged accounts, and following secure password protocols.
Dell Products requiring no patches or fixes for these three CVE vulnerabilities
| Dell Storage Product Line | Assessment |
| EqualLogic PS Series | The CPU used in this product does not implement speculative execution, therefore the vulnerabilities do not apply to this hardware. |
| Dell EMC SC Series (Dell Compellent) | Access to the platform operating system to load external code is restricted; malicious code cannot be run. |
| Dell Storage MD3 and DSMS MD3 Series | Access to the platform operating system to load external code is restricted; malicious code cannot be run. |
| Dell PowerVault Tape Drives and Libraries | Access to the platform operating system to load external code is restricted; malicious code cannot be run. |
| Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | Access to the platform operating system to load external code is restricted to privileged accounts only. Malicious code cannot be run, provided the recommended best practices to protect the access of privileged accounts are followed. |
| Dell Storage Virtual Appliance | Assessment |
| Dell Storage Manager Virtual Appliance (DSM VA - Dell Compellent) | These virtual appliances do not provide general user access. They are single-user, root-user-only, and therefore do not introduce any additional security risk to an environment. The host system and hypervisor must be protected; see vendor links and best practices statement, above. |
| Dell Storage Integration tools for VMware (Dell Compellent) | |
| Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) | |
Systems Management for PowerEdge Server Products
| Component | Assessment |
| iDRAC: 14G, 13G, 12G, 11G | Not impacted. iDRAC is a closed system that does not allow external third-party code to be executed. |
| Chassis Management Controller (CMC): 14G, 13G, 12G, 11G | Not impacted. CMC is a closed system that does not allow external third-party code to be executed. |
| Platforms | Assessment |
| Dell 10Gb Ethernet Pass-Through | These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. |
| Dell 10Gb-K Ethernet Pass-Through | |
| Dell Ethernet Pass-Through | |
| FC8 Pass-Through | |
| Force10 MXL Blade | |
| PowerConnect M6220 | |
| PowerConnect M6348 | |
| PowerConnect M8024 | |
| PowerConnect M8024-K | |
| Platforms | Assessment |
| Brocade M5424, M6505, M8428-k | Vendor Statement |
| Cisco Catalyst 3032, 3130, 3130G, 3130X | Vendor Statement |
| Cisco Catalyst Nexus B22 Dell Blade Fabric Extender | Vendor Statement |
| Platforms | Assessment |
| C1048P, C9010 | These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. |
| M I/O Aggregator | |
| MXL | |
| FX2 | |
| N11xx, N15xx, N20xx, N30xx, | |
| N2128PX, N3128PX | |
| S55, S60 | |
| S3048-On OS9, S3048-on OS10 Enterprise, S3100, S3124F, S3124P, S3148P | |
| S4048, S4048-ON OS9, S4048-ON OS10 Enterprise, S4048T-ON OS9, S4048T-ON OS10 Enterprise | |
| S4128F-ON, S4148F-ON, S4128T-ON, S4148T-ON, S4148U-ON, S4148FE-ON, S4148FB, S4248FBL | |
| S5048, S5048F-ON, S5148F | |
| S6000, S6000-ON OS9, S6010-ON OS9, S6010-ON OS10 Enterprise, S6100-ON | |
| SIOM | |
| Z9000, Z9100 OS9, Z9100 OS10 Enterprise | |
| Platforms | Assessment |
| PowerConnect 2016, 2124, 2216, 2224, 2324, 2508, 2608, 2616, 2624 | These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. |
| PowerConnect 2708, 2716, 2724, 2748, 2808, 2816, 2824, 2848 | |
| PowerConnect 3024, 3048, 3248, 3324, 3348 | |
| PowerConnect 3424, 3424P, 3448, 3448P, 3524, 3524P, 3548, 3548P | |
| PowerConnect 5012, 5212, 5224, 5316M, 5324, 5424, 5448, 5524, 5524P, 5548, 5548P | |
| PowerConnect 6024, 6024F, 6224, 6224F, 6224P, 6248, 6248P | |
| PowerConnect 7024, 7024F, 7024P, 7048, 7048P, 7048R | |
| PowerConnect 8024, 8024F, 8100 Series | |
| PowerConnect B-8000, B-8000e, B-FCXs, B-T124X | |
| PowerConnect J-EX4200, J-EX4200-24F, J-EX4200-24t, J-EX4200-48t, J-EX4500 | |
| PowerConnect J-SRX100, J-SRX210, SRX240 | |
| C9000 Series Line Cards | |
| Platforms | Assessment |
| Brocade 300, 4424 Switch Fi, 5100, 5300 | Vendor Statement |
| Brocade 6505, 6510, 6520, G620 | Vendor Statement |
| Cisco Catalyst 3750E-48TD, 4900M, 4948-10GE | Vendor Statement |
| Platforms | Assessment |
| Active Fabric Controller | Software Unaffected |
| Active Fabric Manager | Software Unaffected |
| Dell Networking vCenter Plug-in | Software Unaffected |
| Dell OpenManage Network Manager | Software Unaffected |
| Open Automation | Software Unaffected |
| Software Defined Networking | Software Unaffected |
The server BIOS can be updated using the iDRAC; for more information, see the Dell Knowledge Base article "How to update firmware remotely using the Integrated Dell Remote Access Controller (iDRAC) web interface". It can also be updated directly from the operating system; for more information, see the Dell Knowledge Base article "Update a Dell PowerEdge Driver or Firmware Directly from the OS (Windows and Linux)".
For additional methods, see Dell Knowledge Base article Updating Firmware and Drivers on Dell PowerEdge Servers.
These are the minimum required BIOS versions.
BIOS/Firmware/Driver updates for PowerEdge Server and Networking Products
| Generation | Models | BIOS version |
| 13G | R830 | 1.7.1 |
| 13G | T130, R230, T330, R330, NX430 | 2.4.3 |
| 13G | R930 | 2.5.1 |
| 13G | R730, R730XD, R630, NX3330, NX3230, DSMS630, DSMS730, XC730, XC703XD, XC630 | 2.7.1 |
| 13G | C4130 | 2.7.1 |
| 13G | M630, M630P, FC630 | 2.7.1 |
| 13G | FC430 | 2.7.1 |
| 13G | M830, M830P, FC830 | 2.7.1 |
| 13G | T630 | 2.7.1 |
| 13G | R530, R430, T430, XC430, XC430Xpress | 2.7.1 |
| 13G | R530XD | 1.7.0 |
| 13G | C6320, XC6320 | 2.7.1 |
| 13G | C6320P | 2.0.5 |
| 13G | T30 | 1.0.12 |
| Generation | Models | BIOS version |
| 12G | R920 | 1.7.1 |
| 12G | R820 | 2.4.1 |
| 12G | R520 | 2.5.1 |
| 12G | R420 | 2.5.1 |
| 12G | R320, NX400 | 2.5.1 |
| 12G | T420 | 2.5.1 |
| 12G | T320 | 2.5.1 |
| 12G | R220 | 1.10.2 |
| 12G | R720, R720XD, NX3200, XC720XD | 2.6.1 |
| 12G | R620, NX3300 | 2.6.1 |
| 12G | M820 | 2.6.1 |
| 12G | M620 | 2.6.1 |
| 12G | M520 | 2.6.1 |
| 12G | M420 | 2.6.1 |
| 12G | T620 | 2.6.1 |
| 12G | FM120x4 | 1.7.0 |
| 12G | T20 | A16 |
| 12G | C5230 | 1.3.1 |
| 12G | C6220 | 2.5.5 |
| 12G | C6220II | 2.8.1 |
| 12G | C8220, C8220X | 2.8.1 |
| Generation | Models | BIOS version |
| 11G | R710 | 6.5.0 |
| 11G | NX3000 | 6.6.0*** |
| 11G | R610 | 6.5.0 |
| 11G | T610 | 6.5.0 |
| 11G | R510 | 1.13.0 |
| 11G | NX3100 | 1.14.0*** |
| 11G | R410 | 1.13.0 |
| 11G | NX300 | 1.14.0*** |
| 11G | T410 | 1.13.0 |
| 11G | R310 | 1.13.0 |
| 11G | T310 | 1.13.0 |
| 11G | NX200 | 1.14.0*** |
| 11G | T110 | 1.11.1 |
| 11G | T110-II | 2.9.0 |
| 11G | R210 | 1.11.0 |
| 11G | R210-II | 2.9.0 |
| 11G | R810 | 2.10.0 |
| 11G | R910 | 2.11.0 |
| 11G | T710 | 6.5.0 |
| 11G | M610, M610X | 6.5.0 |
| 11G | M710 | 6.5.0 |
| 11G | M710HD | 8.3.1 |
| 11G | M910 | 2.11.0 |
| 11G | C1100 | 3B24 |
| 11G | C2100 | 3B24 |
| 11G | C5220 | 2.2.0 |
| 11G | C6100 | 1.80 |
| 11G | R415 | 2.4.1 |
| 11G | R515 | 2.4.1 |
| 11G | R715 | 3.4.1 |
| 11G | R815 | 3.4.1 |
| 11G | M915 | 3.3.1 |
| 11G | C6105 | 2.6.0 |
| 11G | C6145 | 3.6.0 |
| Models | BIOS/Firmware/Driver version |
| OS10 Basic VM | In the process |
| OS10 Enterprise VM | In the process |
| S OS-Emulator | In the process |
| Z OS-Emulator | In the process |
| S3048-ON OS10 Basic | In the process |
| S4048-ON OS10 Basic | In the process |
| S4048T-ON OS10 Basic | In the process |
| S6000-ON OS Basic | In the process |
| S6010-ON OS10 Basic | In the process |
| Z9100 OS10 Basic | In the process |
| Platforms | BIOS/Firmware/Driver version |
| Mellanox SB7800 Series, SX6000 Series | Mellanox is carefully investigating the released patches, and will release software updates when available. Vendor Statement |
| Models | BIOS/Firmware/Driver version |
| W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651 | Link - requires login. |
| W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205 | Link - requires login. |
| W-AP103, W-AP103H, W-AP105, W-AP114, W-AP115, W-AP124, W-AP125, W-AP134, W-AP135, W-AP175 | Link - requires login. |
| W-AP204, W-AP205, W-AP214, W-AP215, W-AP224, W-AP225, W-AP274, W-AP275 | Link - requires login. |
| W-AP68, W-AP92, W-AP93, W-AP93H | Link - requires login. |
| W-IAP103, W-IAP104, W-IAP105, W-IAP108, W-IAP109, W-IAP114, W-IAP115, W-IAP134, W-IAP135 | Link - requires login. |
| W-IAP155, W-IAP155P, W-IAP175P, W-IAP175AC, W-IAP204, W-IAP205, W-IAP214, W-IAP215 | Link - requires login. |
| W-IAP-224, W-IAP225, W-IAP274, W-IAP275, W-IAP3WN, W-IAP3P, W-IAP92, W-IAP93 | Link - requires login. |
| W-Series Access Points - 205H, 207, 228, 277, 304, 305, 314, 315, 324, 325, 334, 335 | Link - requires login. |
| W-Series Controller AOS | Link - requires login. |
| W-Series FIPS | Link - requires login. |
| Models | BIOS/Firmware/Driver version |
| W-Airwave | Link - requires login - Ensure that Hypervisor has appropriate patches. |
| W-ClearPass Hardware Appliances | Link - requires login. |
| W-ClearPass Virtual Appliances | Link - requires login - Ensure that Hypervisor has appropriate patches. |
| W-ClearPass 100 Software | Link - requires login. |
Updates on other Dell products
- Dell Technologies products (Dell Technologies Storage products): https://support.emc.com/kb/516117 (login required)
- Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
- Microprocessor Side-Channel Vulnerabilities "Meltdown" and "Spectre" (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell Data Security Solutions
- RSA products: https://community.rsa.com/docs/DOC-85418 (login required)
- Converged Platforms and Solutions Division of Dell Technologies products: http://support.vce.com/kA2A0000000PHXB (login required)
External references
- Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- AMD Advisory: http://www.amd.com/en/corporate/speculative-execution
- Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- VMware: https://kb.vmware.com/s/article/52245
- Nutanix: Nutanix Security Advisory #07 (Nutanix Support Portal login required)
- Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Research Papers: https://meltdownattack.com
Operating system Patch Guidance
- Microsoft: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
- Red Hat Software: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- SuSe: https://www.suse.com/support/kb/doc/?id=7022512
- Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
- Citrix: https://support.citrix.com/article/CTX231390
Performance Links
- Intel: performance comparisons of updated versus unpatched systems on two-socket Intel Xeon Platinum 81xx processors - https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/
- Red Hat Software: https://access.redhat.com/articles/3307751, and https://access.redhat.com/articles/3311301
- SuSe: https://www.suse.com/c/meltdown-spectre-performance/
Frequently Asked Questions (FAQ)
Answer: There are three vulnerabilities associated with Meltdown and Spectre. Customers must deploy an operating system patch from their operating system vendor for all three vulnerabilities. Only Spectre Variant 2 (CVE-2017-5715) requires a BIOS update with the processor vendor-provided microcode. Currently, Intel does not yet have a microcode update available to protect against the Spectre Variant 2 vulnerability.
See table below:
| Variant to Patch | Microcode Update Needed? | Operating system Patch Needed? |
| Spectre (Variant 1) | No | Yes |
| Spectre (Variant 2) | Yes | Yes |
| Meltdown (Variant 3) | No | Yes |
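The minimum BIOS tables and the variant table can be combined into a per-host check. The following is an added example, not Dell code: it copies a few rows from the 13G, 12G and 11G tables, and the function names, the `os_patched` input and the sample inventory are assumptions made for illustration.

```python
import re

# Minimum BIOS versions copied from a few rows of the page's tables (subset).
MIN_BIOS = {
    "R830": "1.7.1", "R730": "2.7.1", "R630": "2.7.1", "R530XD": "1.7.0",
    "R720": "2.6.1", "R220": "1.10.2", "T20": "A16",
    "R710": "6.5.0", "C6100": "1.80", "C1100": "3B24",
}

# From the page's FAQ table: (name, microcode needed, OS patch needed).
VARIANTS = {
    "CVE-2017-5753": ("Spectre (Variant 1)", False, True),
    "CVE-2017-5715": ("Spectre (Variant 2)", True, True),
    "CVE-2017-5754": ("Meltdown (Variant 3)", False, True),
}

_DOTTED = re.compile(r"\d+(\.\d+)+")


def parse_version(text):
    """Return a tuple of ints for dotted numeric versions, else None."""
    text = text.strip()
    if not _DOTTED.fullmatch(text):
        return None  # e.g. "A16" or "3B24": no ordering is defined here
    return tuple(int(part) for part in text.split("."))


def bios_meets_minimum(model, installed):
    """True/False when comparable; None for unknown models or odd schemes."""
    minimum = MIN_BIOS.get(model.upper())
    if minimum is None:
        return None
    have, need = parse_version(installed), parse_version(minimum)
    if have is None or need is None:
        # Non-numeric schemes: only an exact match can be confirmed.
        return True if installed.strip().upper() == minimum else None
    # Compare numerically, so 1.10.2 is newer than 1.9.9; pad short versions.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def assess(model, installed_bios, os_patched):
    """Map host state onto the three CVEs using the page's variant table."""
    bios_ok = bios_meets_minimum(model, installed_bios)
    report = {}
    for cve, (_name, needs_ucode, needs_os) in VARIANTS.items():
        if needs_os and not os_patched:
            report[cve] = "missing OS patch"
        elif needs_ucode and bios_ok is None:
            report[cve] = "check BIOS manually"
        elif needs_ucode and not bios_ok:
            report[cve] = "BIOS below minimum"
        else:
            report[cve] = "requirements met"
    return report


if __name__ == "__main__":
    # Constructed sample inventory: (model, installed BIOS, OS patched?)
    for host in [("R730", "2.6.0", True), ("T20", "A15", True)]:
        print(host, assess(*host))
```

On a virtualized host, treat `os_patched` as true only when both the hypervisor and the guest operating system carry the vendor updates.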
Question: What is Dell Technologies' current recommendation regarding updating the operating system patches?
Answer: See the operating system vendor’s patch guidance links.
Question: Does Dell Technologies have a list of Enterprise products that are not affected?
Answer: Dell Technologies has a list of Enterprise products that are not affected. See the Dell Products requiring no patches or fixes for these three CVE vulnerabilities section.
Question: What do I do if I run a virtual server?
Answer: Both the hypervisor and all guest operating systems must be updated.
Question: Are Internet browsers potentially affected (JavaScript Variant 2 exploit)?
Answer: Yes. Internet browsers can be affected by the Spectre vulnerability, and most browsers have provided updated versions or patches to mitigate this potential vulnerability. See the links below for Chrome, Internet Explorer, and Mozilla for additional information.
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://support.microsoft.com/en-us/help/4056568
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Question: What about iDRAC and PERC?
Answer: Both the PERC and iDRAC are closed systems that do not allow third-party (user) code to run. Spectre and Meltdown both require the ability to run arbitrary code on the processor. Due to this closed code arrangement, neither peripheral is at risk of a side-channel analysis microprocessor exploit.
Question: What about appliances? Are there other applications that are not affected?
Answer: Closed systems that do not allow third-party (user) code to run are not vulnerable.
Question: What about the AMD Opteron processors?
Answer: https://www.amd.com/en/corporate/speculative-execution.
Answer: Updated BIOSes that contain the Intel microcode security updates are available for PowerEdge 14G, 13G, 12G, and some of the 11G systems.
- See the available PowerEdge 11G, 12G, 13G, and 14G list of BIOS updates in the BIOS/Firmware/Driver updates for PowerEdge Server and Networking Products section.
- The remaining 11G updates are under development, and timings will be confirmed closer to the time.
- A complete listing of available BIOS updates for PowerEdge systems will be made available in the BIOS/Firmware/Driver updates for PowerEdge Server and Networking Products section. This list is continuously updated as additional BIOS versions become available and we encourage customers to bookmark the page.
Question: When will the BIOS be available for converged infrastructure running on PowerEdge technology (VxRail, and so forth)?
Answer: Dell Technologies is working to validate existing PowerEdge code updates for all converged infrastructure platforms running on PowerEdge technology. Updates are provided as additional information is available.
Question: Will Dell Technologies be factory installing the operating system and hypervisor patches for PowerEdge Servers and converged infrastructure?
Answer: As of March 6, 2018, Dell is factory installing the following versions of operating system updates to help mitigate the Spectre/Meltdown vulnerabilities. These are configured (where possible) for maximum protection (fully enabled). Sometimes, there are newer updates provided by the vendors. Continue to check the operating system vendor websites for specific configuration guidance and for newer updates and configuration options as they become available.
- Windows Server 2016: KB4056890 (Released Jan 4, 2018)
- Red Hat Software Enterprise Linux 7.4: kernel-3.10.0-693.11.6.el7.x86_64 (Released Jan 4, 2018)
- SuSE Linux Enterprise Server 12 SP3: kernel-default-4.4.103-6.38.1.x86_64 (Released Jan 4, 2018)
- VMware ESXi 6.5U1: Rev A08 Build 7388607 (contains VMSA-2018-002 patch)
- VMware ESXi 6.0U3: Rev A08 Build 6921384 (contains VMSA-2018-002 patch)
Question: I have heard that the vulnerability affects microprocessors going back at least 10 years. How far back is Dell offering a BIOS update?
Answer: Dell is working with Intel to provide the required BIOS with microcode patches for PowerEdge systems going back to our 11th generation product line. Any BIOS updates that contain microcode updates for the security fix will be dependent upon the affected processor vendors providing code updates to Dell Technologies.
Question: Will Dell Technologies provide technical support for systems that are out of warranty?
Answer: Dell Technologies does not provide technical support for Dell Technologies PowerEdge servers that do not have a valid support contract. Customers can access publicly available support documents on Dell Support regardless of current support contract status.
Question: Will Dell Technologies provide patches for systems that are out of warranty?
Answer: Dell Technologies PowerEdge server products do not require a valid support contract in order to gain access to our support and download pages. PowerEdge server BIOS updates are available on the Dell Technologies support site to all users regardless of current support contract status. See the BIOS/Firmware/Driver updates for PowerEdge Server and Networking Products section for BIOS availability. Operating system patches should be obtained from your operating system provider; see the links in the operating system Patch Guidance section.
Question: What about the new AMD EPYC processors?
Answer: For AMD public statements on Meltdown (CVE-2017-5754), Spectre Variant 1 (CVE-2017-5753), and Spectre Variant 2 (CVE-2017-5715) as they relate to AMD processors, see https://www.amd.com/en/corporate/speculative-execution.
For Spectre Variant 1 (CVE-2017-5753) the applicable operating system patch addresses this issue.
Question: When will BIOS updates be available for AMD EPYC-based PowerEdge systems that are affected by Spectre?
Answer: Dell EMC has released BIOS updates for our 14G platforms (R7425, R7415, & R6415) which are available on our product support pages. Factory installs of these BIOS were available on January 17, 2018.
Question: When will the BIOS with Intel microcode updates be factory installed on the Intel-based PowerEdge systems?
Answer: PowerEdge 14G and 13G (except R930) BIOS is targeted to be available by factory install on March 6, 2018. PowerEdge R930 BIOS is targeted to be available using factory install by March 9, 2018.
Answer: The key aspect of these attacks relies on speculative execution which is a performance-related feature. Performance impacts vary since they are highly workload-dependent. Dell is working with Intel and other vendors to determine performance impacts as a result of these updates and will address this once available.