DSA-2019-089: Dell EMC Server Platform Security Advisory for Intel-SA-00233

Summary: Dell EMC Servers require a security update to address vulnerabilities in Intel Microarchitectural Data Sampling. For specific information on affected platforms and next steps to apply See more

Article Content


Symptoms
DSA Identifier: DSA-2019-089

CVE Identifier: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Severity: Medium

Severity Rating: CVSS v3 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products:  
Dell EMC Servers (see Resolution section below for complete list of affected products)

Summary:  
Dell EMC Servers require a security update to address the Intel Microarchitectural Data Sampling Vulnerabilities.

Details:  
Updates will be available to address the following security vulnerabilities.

Intel-SA-00233: Intel Microarchitectural Data Sampling Vulnerabilities
  • CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.

Resolution:      
The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.
There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:
  1. Apply the BIOS update listed in the Dell EMC Server Affected section below.
  2. Apply the applicable operating system patch. This is required to mitigate the Intel-SA-00233 related vulnerabilities.  
We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

Please visit the Drivers and Downloads site for updates on the applicable products.  Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell Updating Firmware using Dell Update Packages (DUP’s), and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.

Additional References:

 

SLN317156_en_US__1icon Notes:
  • SLN317156_en_US__1icon The dates listed are estimated availability dates and are subject to change without notice.

  • SLN317156_en_US__1icon The platform list for Dell EMC Server products will be updated periodically. Please check back frequently for the most up-to-date information.

  • SLN317156_en_US__1icon Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.

  • SLN317156_en_US__1icon Release dates below are in US format of MM/DD/YYYY.

  • SLN317156_en_US__1icon Expected release dates are in the MM/YYYY format.

 

SLN317156_en_US__1icon Note: 14G platforms with Cascade Lake processors are not affected by this MDS vulnerability (Intel-SA-00233) as they incorporate in-hardware side-channel mitigations.

Dell EMC PowerVault ME4 Storage is not affected by this MDS vulnerability (Intel-SA-00233).


Dell EMC Server Products Affected

Product

BIOS Update Version
(or greater)

Release Date/

Expected Release Date 
(MM/DD/YYYY)

R640, R740, R740XD, R940, NX3240, NX3340

2.2.10

05/30/2019

XC740XD, XC640, XC940

2.2.10

05/31/2019

R540, R440, T440, XR2

2.2.9

05/31/2019

R740XD2

2.2.9

05/31/2019

R840, R940xa

2.2.10

05/31/2019

T640

2.2.9

05/31/2019

C6420, XC6420

2.2.9

05/31/2019

FC640, M640, M640P

2.2.9

05/31/2019

MX740C

2.2.9

05/31/2019

MX840C

2.2.9

05/31/2019

C4140

2.2.9

05/31/2019

T140, T340, R240, R340, NX440

1.2.0

05/31/2019

DSS9600, DSS9620, DS9630

2.2.10

05/31/2019

 

R830

1.10.5

09/10/2019

T130, R230, T330, R330, NX430

2.7.1

09/10/2019

R930

2.7.2

10/2019

R730, R730XD, R630

2.10.5

09/18/2019

NX3330, NX3230, DSMS630, DSMS730

2.10.5

09/10/2019

XC730, XC703XD, XC630

2.10.5

09/2019

C4130

2.10.5

09/06/2019

M630, M630P, FC630

2.10.5

09/06/2019

FC430

2.10.5

09/07/2019

M830, M830P, FC830

2.10.5

09/06/2019

T630

2.10.5

09/10/2019

R530, R430, T430

2.10.5

09/10/2019

XC430, XC430Xpress

2.10.5

09/10/2019

R530XD

1.10.5

09/19/2019

C6320

2.10.5

09/10/2019

XC6320

2.10.5

09/10/2019

C6320P

2.2.0

09/10/2019

T30

1.1.0

09/10/2019

DSS1500, DSS1510, DSS2500

2.10.3

06/27/2019

DSS7500

2.10.3

09/2019

 

R920

1.9.0

10/1/2019

R820

2.6.0

09/24/2019

R520

2.7.0

09/19/2019

R420

2.7.0

09/19/2019

R320, NX400

2.7.0

09/19/2019

T420

2.7.0

09/19/2019

T320

2.7.0

09/19/2019

R220

1.11.0

09/25/2019

R720, R720XD, NX3200, XC720XD

2.8.0

10/1/2019

R620, NX3300

2.8.0

09/09/2019

M820

2.8.0

09/09/2019

M620

2.8.0

09/09/2019

M520

2.8.0

09/09/2019

M420

2.8.0

09/09/2019

T620

2.8.0

09/19/2019

T20

A20

09/06/2019

C5230

1.5.0

09/19/2019

C6220

2.5.7

09/19/2019

C6220II

2.10.0

09/19/2019

C8220, C8220X

2.10.0

09/19/2019


Severity Rating:  

For an explanation of Severity Ratings, refer to Dell’s Vulnerability Disclosure Policy. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

Legal Information:

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.


Article Properties


Affected Product

DSS 2500, DSS 7500, DSS 8440, DSS 9000J, DSS 9000R, DSS 9600, DSS 9620, DSS 9630, DSS 1500, DSS 1510, DSS 7000, PowerEdge C1100, PowerEdge C2100, PowerEdge C410X, PowerEdge C4130, PowerEdge C4140, PowerEdge C5000, PowerEdge C5125, PowerEdge C5220, PowerEdge C5230, PowerEdge C6100, PowerEdge C6105, PowerEdge C6145, PowerEdge C6220, PowerEdge C6220 II, PowerEdge C6300, PowerEdge C6320, PowerEdge C6320p, PowerEdge C6400, PowerEdge C6420, PowerEdge C6525, PowerEdge C8000, Dell Compellent FS8600, Dell Compellent SC200, Dell Compellent SC220, Dell Compellent SC280, Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, EqualLogic PS M4110, EqualLogic PS4210 Series, EqualLogic PS4210E, EqualLogic PS4210X, EqualLogic PS4210XS, EqualLogic PS4210XV, EqualLogic PS6210E, EqualLogic PS6210S, EqualLogic PS6210X, EqualLogic PS6210XS, EqualLogic PS6210XV, EqualLogic PS6610E, EqualLogic PS6610ES, EqualLogic PS6610X, Dell EMC ML3, DSMS 630, DSMS 730, PowerStore 1000X, PowerStore 1000T, PowerStore Expansion Enclosure, PowerStore 3000X, PowerStore 3000T, PowerStore Rack, PowerStore 5000X, PowerStore 5000T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000T, PowerStore Employee and Partner, PowerVault 114X Tape Rack Enclosure, PowerVault 124T, PowerVault LTO3-080, PowerVault LTO5-140, Powervault LTO6, PowerVault LTO7, PowerVault LTO8, PowerVault MD1200, PowerVault MD1220, PowerVault MD3060e, PowerVault MD3200, PowerVault MD3200i, PowerVault MD3220, PowerVault MD3220i, PowerVault MD3260, PowerVault MD3260i, PowerVault MD3400, PowerVault MD3420, PowerVault MD3460, PowerVault MD3600f, PowerVault MD3600i, PowerVault MD3620f, PowerVault MD3620i, PowerVault MD3660f, PowerVault MD3660i, PowerVault MD3800f, PowerVault MD3800i, PowerVault MD3820f, PowerVault MD3820i, PowerVault MD3860f, PowerVault MD3860i, Dell EMC PowerVault ME4012, Dell EMC PowerVault ME4024, Dell EMC PowerVault ME4084, Dell EMC PowerVault ME412 Expansion, Dell EMC PowerVault ME424 Expansion, Dell EMC PowerVault ME484, PowerVault ML6000, PowerVault NX300, PowerVault NX3000, PowerVault NX3100, PowerVault NX3200, PowerVault NX3300, PowerVault NX3600, PowerVault NX3610, Powervault NX400, PowerVault TL2000, PowerVault TL4000, SD630-S, SD7000-S, PowerTools Server Hardware Manager, Dell Storage MD1280, Dell Storage MD1400, DSMS 1400, Dell Storage MD1420, DSMS 1420, DSMS 3060e, Dell Storage NX3230, Dell EMC Storage NX3240, Dell Storage NX3330, Dell EMC Storage NX3340, Dell Storage NX430, Dell EMC NX440, Dell Storage SC100, Dell Storage SC120, Dell Storage SC180, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC400, Dell Storage SC420, Dell Storage SC420F, Dell Storage SC460, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000, Dell Storage SCv300, Dell Storage SCv3000, Dell Storage SCv3020, Dell Storage SCv320, Dell Storage SCv360, PowerVault TL1000, Unisphere Central, Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Unity All Flash, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, Unity Hybrid flash, UnityVSA, Dell EMC UnityVSA (Virtual Storage Appliance), Dell EMC UnityVSA Professional Edition/Unity Cloud Edition, UnityVSA VVols Edition, VNX Event Enabler, VNX-F Series, VNX-F5000, VNX-F7000, VNX Family Monitoring and Reporting, VNX VG10, VNX VG2, VNX VG50, VNX VG8, VNX-VSS Series, VNX-VSS100, VNX1 Series, VNX2 Series, VNX5100, VNX5150, VNX5200, VNX5300, VNX5400, VNX5500, VNX5600, VNX5700, VNX5800, VNX7500, VNX7600, VNX8000, VNXe1 Series, VNXe1000 Series, VNXe1600, VNXe2 Series, VNXe3100, VNXe3150, VNXe3200, VNXe3300, VNX/VNXe, vVNX, vVNX Series, PowerEdge XR2, PowerEdge C1100, PowerEdge C2100, PowerEdge C410X, PowerEdge C4130, PowerEdge C4140, PowerEdge C5000, PowerEdge C5125, PowerEdge C5220, PowerEdge C5230, PowerEdge C6100, PowerEdge C6105, PowerEdge C6145, PowerEdge C6220, PowerEdge C6220 II, PowerEdge C6300, PowerEdge C6320, PowerEdge C6320p, PowerEdge C6400, PowerEdge C6420, PowerEdge C6525, PowerEdge C8000, PowerEdge FC430, PowerEdge FC630, PowerEdge FC640, PowerEdge FC830, PowerEdge FD332, PowerEdge FM120x4 (for PE FX2/FX2s), PowerEdge FX2/FX2s, PowerEdge M1000E, PowerEdge M420, PowerEdge M520, PowerEdge M520 (for PE VRTX), PowerEdge M600, PowerEdge M605, PowerEdge M610, PowerEdge M610x, PowerEdge M620, PowerEdge M620 (for PE VRTX), PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M710, PowerEdge M710HD, PowerEdge M805, PowerEdge M820, PowerEdge M820 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge M905, PowerEdge M910, PowerEdge M915, PowerEdge MX5016s, PowerEdge MX7000, PowerEdge MX740c, PowerEdge MX840c, PowerEdge R200, PowerEdge R210, PowerEdge R210 II, PowerEdge R220, PowerEdge R230, PowerEdge R240, PowerEdge R300, PowerEdge R310, PowerEdge R320, PowerEdge R330, PowerEdge R340, PowerEdge R410, PowerEdge R415, PowerEdge R420, PowerEdge R420xr, PowerEdge R430, PowerEdge R440, PowerEdge R510, PowerEdge R515, PowerEdge R520, PowerEdge R530, PowerEdge R530xd, PowerEdge R540, PowerEdge R610, PowerEdge R620, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R6515, PowerEdge R6525, PowerEdge R710, PowerEdge R715, PowerEdge R720, PowerEdge R720xd, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740xd, PowerEdge R740xd2, PowerEdge R7415, PowerEdge R7425, PowerEdge R7515, PowerEdge R7525, PowerEdge R805, PowerEdge R810, PowerEdge R815, PowerEdge R820, PowerEdge R830, PowerEdge R840, PowerEdge R900, PowerEdge R905, PowerEdge R910, PowerEdge R920, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T100, PowerEdge T105, PowerEdge T110, PowerEdge T110 II, PowerEdge T130, PowerEdge T140, PowerEdge T20, PowerEdge T30, PowerEdge T300, PowerEdge T310, PowerEdge T320, PowerEdge T330, PowerEdge T340, PowerEdge T40, PowerEdge T410, PowerEdge T420, PowerEdge T430, PowerEdge T440, PowerEdge T605, PowerEdge T610, PowerEdge T620, PowerEdge T630, PowerEdge T640, PowerEdge T710, PowerEdge VRTX, PowerEdge XE2420, PowerEdge XE7100, PowerEdge XE7420, PowerEdge XE7440

Last Published Date

20 Nov 2020

Version

2

Article Type

Solution

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters