DSA-2019-152 Dell EMC Networking Security Update for Intel-SA-00233
Summary: Dell EMC Networking Security Notice for Intel-SA-00233
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
CVE Identifier: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
DSA Identifier: DSA-2019-152
Severity: Medium
Severity Rating: CVSS v3 Base Score: See NVD (http://nvd.nist.gov/
) for individual scores for each CVE
Affected products:
Dell EMC Networking (see Resolution section below for complete list of affected products)
Summary:
Dell EMC Networking products require a security update to address the Intel Microarchitectural Data Sampling Vulnerabilities.
Details:
Updates are available to address the following security vulnerabilities:
Intel-SA-00233
: Intel Microarchitectural Data Sampling Vulnerabilities
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search 
Resolution:
The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.
There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:
1. Apply the firmware update listed in the Dell EMC Networking Products Affected section below.
2. Apply the applicable operating system patch. This is required to mitigate the Intel-SA-00233
related vulnerabilities.
We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.
Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell Update Package, and download the update for your Dell computer.
Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.
Additional References:
- Software Security Guidance for developers: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
- Intel Security First – MDS Page: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
- Intel Security Center: https://security-center.intel.com
- AMD response to CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 (Fallout and Rogue In-Flight Data Load (RIDL)): https://www.amd.com/en/corporate/product-security
- VMware: https://www.vmware.com/security/advisories/VMSA-2019-0008.html
- Microsoft: https://support.microsoft.com/en-us/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel
- Red Hat: https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it
- SuSe: https://www.suse.com/security/cve/CVE-2018-12126/
- Ubuntu: https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities
NOTE: Prior to installing the update, please review the installation procedure in the release notes.NOTE: The dates listed are estimated availability dates and are subject to change without notice.NOTE: The platform list for Dell EMC Networking products will be updated periodically. Please check back frequently for the most up-to-date information.NOTE: Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.NOTE: Dates below are in US format of MM/DD/YYYY.Dell EMC Networking Products Affected:
Product
Update Version
(or greater)Release Date/
Expected Release Date
(MM/YYYY)PowerSwitch Z9264F-ON
Not yet available
TBD
PowerSwitch S5212F-ON
Available
10/01/2019
PowerSwitch S5224F-ON
Available
10/01/2019
PowerSwitch S5232F-ON
Available
10/01/2019
PowerSwitch S5248F-ON
Available
10/01/2019
PowerSwitch S5296F-ON
Available
10/01/2019
VEP4600
Available
09/05/2019
VEP1400
Available
09/05/2019
Severity Rating:
For an explanation of Severity Ratings, refer to Dell’s Vulnerability Disclosure Policy . Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information:
Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Cause
Not Applicable
Resolution
Not Applicable
Affected Products
PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch Z9264F-ON, DELL NETWORKING VEP4600 16-CORE, Dell Networking VEP4600 4-CORE, DELL NETWORKING VEP4600 8-COREArticle Properties
Article Number: 000135607
Article Type: Solution
Last Modified: 05 Jun 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.