Article Number: 000153847
Medium
Summary:
Intel Processor usage within Dell EMC Isilon OneFS requires a security update to address various vulnerabilities.
The embedded component is updated for the following set of vulnerabilities:
Intel-SA-00233
Microarchitectural Data Sampling (MDS)
CVE-2018-12130 CVE-2018-12126 CVE-2018-12127 CVE-2019-11091
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/.
To search for a particular CVE, use the database's search utility at https://nvd.nist.gov/vuln/search.
Affected products:
Dell EMC Isilon OneFS versions 8.2.1 and earlier
Remediation:
The following Dell EMC Isilon OneFS patches address these vulnerabilities:
Dell EMC Isilon OneFS versions 8.2.1, 8.2.0, 8.1.2.0, and 8.1.0.4.
The hw.mds_disable sysctl parameter was added to enable the microarchitectural data sampling vulnerabilities fix, which prevents attackers from potentially inferring data from processing data between components.
Note: This sysctl is only available after the installation of the patch or upgrade to a fixed version of OneFS.
This setting is disabled by default. To enable the setting and verify whether the processing data segment is readable or writable from the current privilege level, run the following command:
sysctl hw.mds_disable=1
For Dell EMC Isilon OneFS versions 8.2.0, 8.1.2, and 8.1.0.4, the fix for this issue is included with the September 2019 Rollup Patch, as well as all future Rollup Patches. For more information and to obtain a Rollup patch, see the Current Isilon OneFS Patches document.
This DSA will be updated when additional patches are ready.
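The following sketch is an added example, not part of the Dell advisory or of OneFS. It classifies hw.mds_disable readings so that nodes where the sysctl is missing (patch not installed) or still at its default of 0 can be told apart from nodes where the fix is enabled. It assumes the FreeBSD-style `sysctl -n` flag is available; the node names and readings are constructed sample data.

```shell
#!/bin/sh
# Classify one hw.mds_disable reading.
# $1 = output of `sysctl -n hw.mds_disable 2>/dev/null` (empty when the sysctl is missing).
classify_mds() {
    case "$1" in
        "") echo "not-patched" ;;   # sysctl absent: patch or fixed OneFS version not installed
        0)  echo "fix-disabled" ;;  # patched, but the setting is still at its default
        1)  echo "fix-enabled" ;;   # the value the advisory says to set
        *)  echo "unexpected" ;;    # any other value: review by hand
    esac
}

# Read "node value" pairs on stdin, print "node status" for each node,
# and return non-zero if any node is not in the fix-enabled state.
audit_nodes() {
    rc=0
    while read -r node value; do
        [ -n "$node" ] || continue
        status=$(classify_mds "$value")
        echo "$node $status"
        [ "$status" = "fix-enabled" ] || rc=1
    done
    return $rc
}

# Constructed sample readings (hypothetical node names), not real cluster output.
# node-3 has no value, as if the sysctl did not exist on that node.
sample_readings() {
    printf '%s\n' 'node-1 1' 'node-2 0' 'node-3' 'node-4 1'
}

# Status of the node this script runs on.
local_status() {
    classify_mds "$(sysctl -n hw.mds_disable 2>/dev/null)"
}

sample_readings | audit_nodes || echo "action needed on at least one node"
```

On a patched node, `local_status` reports the live state. A non-zero return from `audit_nodes` means at least one node still needs the patch or the `sysctl hw.mds_disable=1` step.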
PowerScale OneFS, Product Security Information
23 Nov 2021
5
Dell Security Advisory