Article Number: 000178106
Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC Servers, Storage and Networking
Summary: Dell EMC guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as Meltdown and Spectre) for servers, storage and networking products. For specific information on affected platforms and next steps to apply the updates, please refer to this guide. ...
Article Content
Symptoms
2018-11-21
Patch Guidance (update 2018-02-08):
Dell EMC has received new microcode from Intel per their advisory that was issued on January 22. Dell EMC is issuing new BIOS updates for the affected platforms to address Spectre (Variant 2), CVE-2017-5715. The Product Tables have been updated and will be updated as more microcode is released by Intel. If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against Meltdown and Spectre.
If your product does not have an updated BIOS listed, Dell EMC still advises that customers should not deploy the previously released BIOS updates and wait for the updated version.
If you have already deployed a BIOS update that could have issues according to Intel's January 22nd advisory, in order to avoid unpredictable system behavior, you can revert back to a previous BIOS version. See the tables below.
As a reminder, the Operating System patches are not impacted and still provide mitigation to Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, protecting access to privileged accounts, and following secure password protocols.
Systems Management for PowerEdge Server Products
Note: The tables below list products for which there is available BIOS/Firmware/Driver guidance. This information will be updated as additional information is available. If you do not see your platform, please check later.
The Server BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.
These are the minimum required BIOS versions.
***Only update the BIOS using the Non-Packaged update on the 11G NX series platforms.
Question: Does Dell EMC have a list of Enterprise products that are not affected?
Answer: Dell EMC has a list of Enterprise products that are not currently affected - look here.
Question: What do I do if I run a virtual server?
Answer: Both the hypervisor and all guest OS’ need to be patched.
Question: Are internet browsers potentially affected? (JavaScript Variant 2 exploit)?
Answer: Yes internet browsers can be affected by the Spectre vulnerability and most browsers have provided updated versions or patches to mitigate this potential vulnerability. See links below for Chrome, Internet Explorer, & Mozilla for additional information.
Question: What about iDRAC and PERC?
Answer: Both the PERC and iDRAC are closed systems that do not allow 3rd party (user) code to run. Spectre and Meltdown both require the ability to run arbitrary code on the processor. Due to this closed code arrangement neither peripheral is at risk of a side-channel analysis microprocessor exploit.
Question: What about appliances? Are there other applications that aren't affected?
Answer: Closed systems that do not allow 3rd party (user) code to run are not vulnerable.
Question: What about the AMD Opteron processors?
Answer: https://www.amd.com/en/corporate/speculative-execution.
Question: When will BIOS be available for converged infrastructure running on PowerEdge technology (VXRail, etc.)
Answer: Dell EMC is working to validate existing PowerEdge code updates for all converged infrastructure platforms running on PowerEdge technology. Updates will be provided as additional information is available.
Question: Will Dell EMC be factory installing the operating system and hypervisor patches for PowerEdge Servers and converged infrastructure?
Answer: As of March 6, 2018, Dell is factory installing the following versions of OS updates to help mitigate the Spectre/Meltdown vulnerabilities. These are configured (where possible) for maximum protection (fully enabled). In some cases, there are newer updates provided by the vendors. Please continue to refer to the OS vendor websites for specific configuration guidance and newer updates and configuration options as they become available.
Question: I've heard that the vulnerability affects microprocessors going back at least 10 years. How far back is Dell offering a BIOS update?
Answer: Dell is working with Intel to provide the required BIOS with microcode patches for PowerEdge systems going back to our 11th generation product line. Any BIOS updates that contain microcode updates for the security fix will be dependent upon the affected processor vendors providing code updates to Dell EMC.
Question: Will Dell EMC provide technical support for systems that are out of warranty?
Answer: Dell EMC does not provide technical support for Dell EMC PowerEdge servers that do not have a valid support contract. Customers can access publically available support documents on Dell Support regardless of current support contract status.
Question: Will Dell EMC provide patches for systems that are out of warranty?
Answer: Dell EMC PowerEdge server products do not require a valid support contract in order to gain access to our support and downloads pages. PowerEdge server BIOS updates will be available on the Dell EMC support site to all users regardless of current support contract status. Refer to the BIOS section here for BIOS availability. OS patches should be obtained from your OS provider - links are here.
Question: What about the new AMD EPYC processors?
Answer: For AMD public statements on Meltdown (CVE-2017-5754) Spectre Variant 1 (CVE-2017-5753) and Spectre Variant 2 (CVE-2017-5715) as they relate to AMD processors, see https://www.amd.com/en/corporate/speculative-execution.
For Spectre Variant 1 (CVE-2017-5753) the applicable OS patch will address this issue.
Question: When will BIOS updates be available for AMD EYPC based PowerEdge systems that are affected by Spectre?
Answer: Dell EMC has released BIOS updates for our 14G platforms (R7425, R7415, & R6415) which are available on our product support pages. Factory install of these BIOS were available on January 17, 2018.
Question: When will the BIOS with Intel microcode updates be factory installed on the Intel based PowerEdge systems?
Answer: PowerEdge 14G and 13G (except R930) BIOS is targeted to be available via factory install on March 6, 2018. PowerEdge R930 BIOS is targeted to be available via factory install by March 9, 2018.
CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Dell EMC is aware of the side-channel analysis vulnerabilities (also known as Meltdown and Spectre) affecting many modern microprocessors that were publicly described by a team of security researchers on January 3, 2018. We encourage customers to review the Security Advisories in the References section for more information.
Patch Guidance (update 2018-02-08):
Dell EMC has received new microcode from Intel per their advisory that was issued on January 22. Dell EMC is issuing new BIOS updates for the affected platforms to address Spectre (Variant 2), CVE-2017-5715. The Product Tables have been updated and will be updated as more microcode is released by Intel. If your product has an updated BIOS listed, Dell EMC recommends you upgrade to that BIOS and apply the appropriate OS patches to provide mitigation against Meltdown and Spectre.
If your product does not have an updated BIOS listed, Dell EMC still advises that customers should not deploy the previously released BIOS updates and wait for the updated version.
If you have already deployed a BIOS update that could have issues according to Intel's January 22nd advisory, in order to avoid unpredictable system behavior, you can revert back to a previous BIOS version. See the tables below.
As a reminder, the Operating System patches are not impacted and still provide mitigation to Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
There are two essential components that need to be applied to mitigate the above mentioned vulnerabilities:
- System BIOS as per Tables below
- Operating System & Hypervisor updates.
Dell EMC recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied. These practices include promptly adopting software updates, avoiding unrecognized hyperlinks and websites, protecting access to privileged accounts, and following secure password protocols.
Dell Products requiring no patches or fixes for these three CVE vulnerabilities
|
Dell Storage Product Line
|
Assessment
|
| EqualLogic PS Series | The CPU used in this product does not implement speculative execution, therefore the vulnerabilities do not apply to this hardware. |
| Dell EMC SC Series (Compellent) | Access to the platform OS to load external code is restricted; malicious code cannot be run. |
| Dell Storage MD3 and DSMS MD3 Series | Access to the platform OS to load external code is restricted; malicious code cannot be run. |
| Dell PowerVault Tape Drives & Libraries | Access to the platform OS to load external code is restricted; malicious code cannot be run. |
| Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) | Access to the platform OS to load external code is restricted to privileged accounts only. Malicious code cannot be run, provided the recommended best practices to protect the access of privileged accounts are followed. |
|
Dell Storage Virtual Appliance
|
Assessment
|
| Dell Storage Manager Virtual Appliance (DSM VA - Compellent) | These virtual appliances do not provide general user access. They are single-user, root-user-only, and therefore do not introduce any additional security risk to an environment. The host system and hypervisor must be protected; see vendor links and best practices statement, above. |
| Dell Storage Integration tools for VMWare (Compellent) | |
| Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic) |
Systems Management for PowerEdge Server Products
|
Component
|
Assessment
|
|
iDRAC: 14G, 13G, 12G, 11G
|
Not impacted.
iDRAC is a closed system that does not allow external 3rd party code to be executed. |
|
Chassis Management Controller (CMC): 14G, 13G, 12G, 11G
|
Not impacted.
CMC is a closed system that does not allow external 3rd party code to be executed. |
| Platforms | Assessment |
| Dell 10Gb Ethernet Pass-Through |
These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed.
|
| Dell 10Gb-K Ethernet Pass-Through | |
| Dell Ethernet Pass-Through | |
| FC8 Pass-Through | |
| Force10 MXL Blade | |
| PowerConnect M6220 | |
| PowerConnect M6348 | |
| PowerConnect M8024 | |
| PowerConnect M8024-K |
| Platforms | Assessment |
| Brocade M5424, M6505, M8428-k | Vendor Statement |
| Cisco Catalyst 3032, 3130, 3130G, 3130X | Vendor Statement |
| Cisco Catalyst Nexus B22 Dell Blade Fabric Extender | Vendor Statement |
| Mellanox M2401G, M361Q, M4001F Fi | Vendor Statement |
| Platforms | Assessment |
| C1048P, C9010 |
These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. |
| M I/O Aggregator | |
| MXL | |
| FX2 | |
| N11xx, N15xx, N20xx, N30xx, | |
| N2128PX, N3128PX | |
| S55, S60 | |
| S3048-On OS9, S3048-on OS10 Enterprise, S3100, S3124F, S3124P, S3148P | |
| S4048, S4048-ON OS9, S4048-ON OS10 Enterprise, S4048T-ON OS9, S4048T-ON OS10 Enterprise | |
| S4128F-ON, S4148F-ON, S4128T-ON, S4148T-ON, S4148U-ON, S4148FE-ON, S4148FB, S4248FBL | |
| S5048, S5048F-ON, S5148F | |
| S6000, S6000-ON OS9, S6010-ON OS9, S6010-ON OS10 Enterprise, S6100-ON | |
| SIOM | |
| Z9000, Z9100 OS9, Z9100 OS10 Enterprise |
| Platforms | Assessment |
| PowerConnect 2016, 2124, 2216, 2224, 2324, 2508, 2608 2616, 2624 |
These products are a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. |
| PowerConnect 2708, 2716, 2724, 2748, 2808, 2816, 2824, 2848 | |
| PowerConnect 3024, 3048, 3248, 3324, 3348 | |
| PowerConnect 3424, 3424P, 3448, 3448P, 3524, 3524P, 3548, 3548P | |
| PowerConnect 5012, 5212, 5224, 5316M, 5324, 5424, 5448, 5524, 5524P, 5548, 5548P | |
| PowerConnect 6024, 6024F, 6224, 6224F, 6224P, 6248, 6248P | |
| PowerConnect 7024, 7024F, 7024P, 7048, 7048P, 7048R | |
| PowerConnect 8024, 8024F, 8100 Series | |
| PowerConnect B-8000, B-8000e, B-FCXs, B-T124X | |
| PowerConnect J-EX4200, J-EX4200-24F, J-EX4200-24t, J-EX4200-48t, J-EX4500 | |
| PowerConnect J-SRX100, J-SRX210, SRX240 | |
| C9000 Series Line Cards |
| Platforms | Assessment |
| Brocade 300, 4424 Switch Fi, 5100, 5300 | Vendor Statement |
| Brocade 6505, 6510, 6520, G620 | Vendor Statement |
| Cisco Catalyst 3750E-48TD, 4900M, 4948-10GE | Vendor Statement |
| Platforms | Assessment |
| Active Fabric Controller | Software Unaffected |
| Active Fabric Manager | Software Unaffected |
| Dell Networking vCenter Plug-in | Software Unaffected |
| Dell OpenManage Network Manager | Software Unaffected |
| HiveManager NG | No Mitigation Needed; Vendor Statement |
| Open Automation | Software Unaffected |
| Software Defined Networking | Software Unaffected |
Note: The tables below list products for which there is available BIOS/Firmware/Driver guidance. This information will be updated as additional information is available. If you do not see your platform, please check later.
The Server BIOS can be updated using the iDRAC or directly from the Operating System. Additional methods are provided in this article.
These are the minimum required BIOS versions.
BIOS/Firmware/Driver updates for PowerEdge Server and Networking Products
| Generation | Models | BIOS version |
| 13G | R830 | 1.7.1 |
| T130, R230, T330, R330, NX430 | 2.4.3 | |
| R930 | 2.5.1 | |
| R730, R730XD, R630, NX3330, NX3230, DSMS630, DSMS730, XC730, XC703XD, XC630 | 2.7.1 | |
| C4130 | 2.7.1 | |
| M630, M630P, FC630 | 2.7.1 | |
| FC430 | 2.7.1 | |
| M830, M830P, FC830 | 2.7.1 | |
| T630 | 2.7.1 | |
| R530, R430, T430, XC430, XC430Xpress | 2.7.1 | |
| R530XD | 1.7.0 | |
| C6320, XC6320 | 2.7.1 | |
| C6320P | 2.0.5 | |
| T30 | 1.0.12 |
| Generation | Models | BIOS version |
| 12G | R920 | 1.7.1 |
| R820 | 2.4.1 | |
| R520 | 2.5.1 | |
| R420 | 2.5.1 | |
| R320, NX400 | 2.5.1 | |
| T420 | 2.5.1 | |
| T320 | 2.5.1 | |
| R220 | 1.10.2 | |
| R720, R720XD, NX3200, XC720XD | 2.6.1 | |
| R620, NX3300 | 2.6.1 | |
| M820 | 2.6.1 | |
| M620 | 2.6.1 | |
| M520 | 2.6.1 | |
| M420 | 2.6.1 | |
| T620 | 2.6.1 | |
| FM120x4 | 1.7.0 | |
| T20 | A16 | |
| C5230 | 1.3.1 | |
| C6220 | 2.5.5 | |
| C6220II | 2.8.1 | |
| C8220, C8220X | 2.8.1 |
| Generation | Models | BIOS version |
| 11G | R710 | 6.5.0 |
| NX3000 | 6.6.0*** | |
| R610 | 6.5.0 | |
| T610 | 6.5.0 | |
| R510 | 1.13.0 | |
| NX3100 | 1.14.0*** | |
| R410 | 1.13.0 | |
| NX300 | 1.14.0*** | |
| T410 | 1.13.0 | |
| R310 | 1.13.0 | |
| T310 | 1.13.0 | |
| NX200 | 1.14.0*** | |
| T110 | 1.11.1 | |
| T110-II | 2.9.0 | |
| R210 | 1.11.0 | |
| R210-II | 2.9.0 | |
| R810 | 2.10.0 | |
| R910 | 2.11.0 | |
| T710 | 6.5.0 | |
| M610, M610X | 6.5.0 | |
| M710 | 6.5.0 | |
| M710HD | 8.3.1 | |
| M910 | 2.11.0 | |
| C1100 | 3B24 | |
| C2100 | 3B24 | |
| C5220 | 2.2.0 | |
| C6100 | 1.80 | |
| R415 | 2.4.1 | |
| R515 | 2.4.1 | |
| R715 | 3.4.1 | |
| R815 | 3.4.1 | |
| M915 | 3.3.1 | |
| C6105 | 2.6.0 | |
| C6145 | 3.6.0 |
***Only update the BIOS using the Non-Packaged update on the 11G NX series platforms.
| Models | BIOS/Firmware/Driver version |
| OS10 Basic VM | In process |
| OS10 Enterprise VM | In process |
| S OS-Emulator | In process |
| Z OS-Emulator | In process |
| S3048-ON OS10 Basic | In process |
| S4048-ON OS10 Basic | In process |
| S4048T-ON OS10 Basic | In process |
| S6000-ON OS Basic | In process |
| S6010-ON OS10 Basic | In process |
| Z9100 OS10 Basic | In process |
Networking - Fixed Port Switches
| Platforms | BIOS/FIrmware/Driver version |
| Mellanox SB7800 Series, SX6000 Series | Mellanox is carefully investigating the released patches, and will release software updates as soon as available. Vendor Statement |
| Models | BIOS/Firmware/Driver version |
| W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651 | Link - requires login |
| W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205 | Link - requires login |
| W-AP103, W-AP103H, W-AP105, W-AP114, W-AP115, W-AP124, W-AP125, W-AP134, W-AP135, W-AP175 | Link - requires login |
| W-AP204, W-AP205, W-AP214, W-AP215, W-AP224, W-AP225, W-AP274, W-AP275 | Link - requires login |
| W-AP68, W-AP92, W-AP93, W-AP93H | Link - requires login |
| W-IAP103, W-IAP104, W-IAP105, W-IAP108, W-IAP109, W-IAP114, W-IAP115, W-IAP134, W-IAP135 | Link - requires login |
| W-IAP155, W-IAP155P, W-IAP175P, W-IAP175AC, W-IAP204, W-IAP205, W-IAP214, W-IAP215 | Link - requires login |
| W-IAP-224, W-IAP225, W-IAP274, W-IAP275, W-IAP3WN, W-IAP3P, W-IAP92, W-IAP93 | Link - requires login |
| W-Series Access Points - 205H, 207, 228, 277, 304, 305, 314, 315, 324, 325, 334, 335 | Link - requires login |
| W-Series Controller AOS | Link - requires login |
| W-Series FIPS | Link - requires login |
| Models | BIOS/Firmware/Driver version |
| W-Airwave | Link - requires login - Ensure Hypervisor has appropriate patches. |
| W-ClearPass Hardware Appliances | Link - requires login |
| W-ClearPass Virtual Appliances | Link - requires login - Ensure Hypervisor has appropriate patches. |
| W-ClearPass 100 Software | Link - requires login |
Updates on other Dell products
- Dell EMC products (Dell EMC Storage products): https://support.emc.com/kb/516117 (login required)
- Dell Client products: http://www.dell.com/support/article/SLN308587
- Dell Data Security products: www.dell.com/support/article/sln308615
- RSA products: https://community.rsa.com/docs/DOC-85418 (login required)
- VCE products: http://support.vce.com/kA2A0000000PHXB (login required)
External references
- Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- AMD Advisory: http://www.amd.com/en/corporate/speculative-execution
- Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- VMWare: https://kb.vmware.com/s/article/52245
- Nutanix: Nutanix Security Advisory #07 (Nutanix Support Portal login required)
- Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Research Papers: https://meltdownattack.com
OS Patch Guidance
- Microsoft: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- VMWare: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
- RedHat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- SuSe: https://www.suse.com/support/kb/doc/?id=7022512
- Ubuntu : https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
- Citrix: https://support.citrix.com/article/CTX231390
Performance Links
- Intel patched versus nonpatched performance comparisons on 2 socket Intel Xeon Platinum 81xx processors - https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/
- RedHat: https://access.redhat.com/articles/3307751 and https://access.redhat.com/articles/3311301
- SuSe: https://www.suse.com/c/meltdown-spectre-performance/
Frequently Asked Questions (FAQ)
Question: How can I protect against these vulnerabilities?
Answer: There are three vulnerabilities associated with Meltdown and Spectre. Customers must deploy an OS patch from their OS vendor for all 3 vulnerabilities. Only Spectre Variant 2 (CVE-2017-5715) requires a BIOS update with the processor vendor provided microcode. At this time, Intel does not yet have a microcode update available to protect against the Spectre Variant 2 vulnerability.
See table below:
Question: What is the Dell EMC current recommendation regarding updating the OS patches?
Answer: Please refer to your OS vendor’s patch guidance links.
Answer: There are three vulnerabilities associated with Meltdown and Spectre. Customers must deploy an OS patch from their OS vendor for all 3 vulnerabilities. Only Spectre Variant 2 (CVE-2017-5715) requires a BIOS update with the processor vendor provided microcode. At this time, Intel does not yet have a microcode update available to protect against the Spectre Variant 2 vulnerability.
See table below:
| Variant to Patch |
Microcode Update Needed? |
OS Patch Needed? |
| Spectre (Variant 1) |
No |
Yes |
| Spectre (Variant 2) |
Yes |
Yes |
| Meltdown (Variant 3) |
No |
Yes |
Question: What is the Dell EMC current recommendation regarding updating the OS patches?
Answer: Please refer to your OS vendor’s patch guidance links.
Question: Does Dell EMC have a list of Enterprise products that are not affected?
Answer: Dell EMC has a list of Enterprise products that are not currently affected - look here.
Question: What do I do if I run a virtual server?
Answer: Both the hypervisor and all guest OS’ need to be patched.
Question: Are internet browsers potentially affected? (JavaScript Variant 2 exploit)?
Answer: Yes internet browsers can be affected by the Spectre vulnerability and most browsers have provided updated versions or patches to mitigate this potential vulnerability. See links below for Chrome, Internet Explorer, & Mozilla for additional information.
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://support.microsoft.com/en-us/help/4056568
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Question: What about iDRAC and PERC?
Answer: Both the PERC and iDRAC are closed systems that do not allow 3rd party (user) code to run. Spectre and Meltdown both require the ability to run arbitrary code on the processor. Due to this closed code arrangement neither peripheral is at risk of a side-channel analysis microprocessor exploit.
Question: What about appliances? Are there other applications that aren't affected?
Answer: Closed systems that do not allow 3rd party (user) code to run are not vulnerable.
Question: What about the AMD Opteron processors?
Answer: https://www.amd.com/en/corporate/speculative-execution.
Question: When will the BIOS with microcode updates available from Dell EMC for Intel based systems?
Answer: Updated BIOSes that contain the Intel microcode security updates are available for PowerEdge 14G, 13G, 12G, some of the 11G systems.
Answer: Updated BIOSes that contain the Intel microcode security updates are available for PowerEdge 14G, 13G, 12G, some of the 11G systems.
- Please refer to the available PowerEdge 11G, 12G, 13G and 14G list of BIOS updates here.
- The remaining 11G updates are currently under development, and timing will be confirmed closer to the time.
- A complete listing of available BIOS updates for PowerEdge systems will be made available here. This list is continuously updated as additional BIOS versions become available and we encourage customers to bookmark the page.
Question: When will BIOS be available for converged infrastructure running on PowerEdge technology (VXRail, etc.)
Answer: Dell EMC is working to validate existing PowerEdge code updates for all converged infrastructure platforms running on PowerEdge technology. Updates will be provided as additional information is available.
Question: Will Dell EMC be factory installing the operating system and hypervisor patches for PowerEdge Servers and converged infrastructure?
Answer: As of March 6, 2018, Dell is factory installing the following versions of OS updates to help mitigate the Spectre/Meltdown vulnerabilities. These are configured (where possible) for maximum protection (fully enabled). In some cases, there are newer updates provided by the vendors. Please continue to refer to the OS vendor websites for specific configuration guidance and newer updates and configuration options as they become available.
- Windows Server 2016: KB4056890 (Released Jan 4, 2018)
- RedHat Enterprise Linux 7.4 : kernel-3.10.0-693.11.6.el7.x86_64 (Released Jan 4, 2018)
- SuSE Linux Enterprise Server 12 SP3: kernel-default-4.4.103-6.38.1.x86_64 (Released Jan 4, 2018)
- VMware ESXi 6.5U1: Rev A08 Build 7388607 (contains VMSA-2018-002 patch)
- VMWare ESXi 6.0U3: Rev A08 Build 6921384 (contains VMSA-2018-002 patch)
Question: I've heard that the vulnerability affects microprocessors going back at least 10 years. How far back is Dell offering a BIOS update?
Answer: Dell is working with Intel to provide the required BIOS with microcode patches for PowerEdge systems going back to our 11th generation product line. Any BIOS updates that contain microcode updates for the security fix will be dependent upon the affected processor vendors providing code updates to Dell EMC.
Question: Will Dell EMC provide technical support for systems that are out of warranty?
Answer: Dell EMC does not provide technical support for Dell EMC PowerEdge servers that do not have a valid support contract. Customers can access publically available support documents on Dell Support regardless of current support contract status.
Question: Will Dell EMC provide patches for systems that are out of warranty?
Answer: Dell EMC PowerEdge server products do not require a valid support contract in order to gain access to our support and downloads pages. PowerEdge server BIOS updates will be available on the Dell EMC support site to all users regardless of current support contract status. Refer to the BIOS section here for BIOS availability. OS patches should be obtained from your OS provider - links are here.
Question: What about the new AMD EPYC processors?
Answer: For AMD public statements on Meltdown (CVE-2017-5754) Spectre Variant 1 (CVE-2017-5753) and Spectre Variant 2 (CVE-2017-5715) as they relate to AMD processors, see https://www.amd.com/en/corporate/speculative-execution.
For Spectre Variant 1 (CVE-2017-5753) the applicable OS patch will address this issue.
Question: When will BIOS updates be available for AMD EYPC based PowerEdge systems that are affected by Spectre?
Answer: Dell EMC has released BIOS updates for our 14G platforms (R7425, R7415, & R6415) which are available on our product support pages. Factory install of these BIOS were available on January 17, 2018.
Question: When will the BIOS with Intel microcode updates be factory installed on the Intel based PowerEdge systems?
Answer: PowerEdge 14G and 13G (except R930) BIOS is targeted to be available via factory install on March 6, 2018. PowerEdge R930 BIOS is targeted to be available via factory install by March 9, 2018.
Question: Is there a performance impact from these BIOS and OS updates?
Answer: The key aspect of these attacks relies on speculative execution which is a performance-related feature. Performance impacts will vary since they are highly workload dependent. Dell is working with Intel and other vendors to determine performance impacts as a result of these updates and will address this once available.
Answer: The key aspect of these attacks relies on speculative execution which is a performance-related feature. Performance impacts will vary since they are highly workload dependent. Dell is working with Intel and other vendors to determine performance impacts as a result of these updates and will address this once available.
Cause
Resolution
Article Properties
Affected Product
Networking, Datacenter Scalable Solutions, PowerEdge, C Series, Entry Level & Midrange, Compellent (SC, SCv & FS Series), Legacy Storage Models
Last Published Date
03 Mar 2023
Version
7
Article Type
Solution