DSA-2019-089: Dell EMC Server Platform Security Advisory for Intel-SA-00233

Updates will be available to address the following security vulnerabilities.

Intel-SA-00233: Intel Microarchitectural Data Sampling Vulnerabilities

• CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.

The following is a list of impacted products and expected release dates. Dell recommends all customers update at the earliest opportunity.
There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities:

1. Apply the BIOS update listed in the Dell EMC Server Affected section below.
2. Apply the applicable operating system patch. This is required to mitigate the Intel-SA-00233 related vulnerabilities.  

We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

Please visit the Drivers and Downloads site for updates on the applicable products.  Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell Updating Firmware using Dell Update Packages (DUP’s), and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.

Additional References:

• Software Security Guidance for developers:https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
• Intel Security First – MDS Page: https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
• Intel Security Center: https://security-center.intel.com
• AMD response to CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 (Fallout and Rogue In-Flight Data Load (RIDL)): https://www.amd.com/en/corporate/product-security
• VMware: https://www.vmware.com/security/advisories/VMSA-2019-0008.html
• Microsoft: https://support.microsoft.com/en-us/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel
• Red Hat: https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it
• SuSe: https://www.suse.com/security/cve/CVE-2018-12126/
• Ubuntu: https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities

 

 Notes:

•  The dates listed are estimated availability dates and are subject to change without notice.

 

•  The platform list for Dell EMC Server products will be updated periodically. Please check back frequently for the most up-to-date information.

 

•  Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.

 

•  Release dates below are in US format of MM/DD/YYYY.

 

•  Expected release dates are in the MM/YYYY format.

 

 Note: 14G platforms with Cascade Lake processors are not affected by this MDS vulnerability (Intel-SA-00233) as they incorporate in-hardware side-channel mitigations.

Dell EMC PowerVault ME4 Storage is not affected by this MDS vulnerability (Intel-SA-00233).

Product	BIOS Update Version (or greater)	Release Date/ Expected Release Date  (MM/DD/YYYY)
R640, R740, R740XD, R940, NX3240, NX3340	2.2.10	05/30/2019
XC740XD, XC640, XC940	2.2.10	05/31/2019
R540, R440, T440, XR2	2.2.9	05/31/2019
R740XD2	2.2.9	05/31/2019
R840, R940xa	2.2.10	05/31/2019
T640	2.2.9	05/31/2019
C6420, XC6420	2.2.9	05/31/2019
FC640, M640, M640P	2.2.9	05/31/2019
MX740C	2.2.9	05/31/2019
MX840C	2.2.9	05/31/2019
C4140	2.2.9	05/31/2019
T140, T340, R240, R340, NX440	1.2.0	05/31/2019
DSS9600, DSS9620, DS9630	2.2.10	05/31/2019

 

R830	1.10.5	09/10/2019
T130, R230, T330, R330, NX430	2.7.1	09/10/2019
R930	2.7.2	10/2019
R730, R730XD, R630	2.10.5	09/18/2019
NX3330, NX3230, DSMS630, DSMS730	2.10.5	09/10/2019
XC730, XC703XD, XC630	2.10.5	09/2019
C4130	2.10.5	09/06/2019
M630, M630P, FC630	2.10.5	09/06/2019
FC430	2.10.5	09/07/2019
M830, M830P, FC830	2.10.5	09/06/2019
T630	2.10.5	09/10/2019
R530, R430, T430	2.10.5	09/10/2019
XC430, XC430Xpress	2.10.5	09/10/2019
R530XD	1.10.5	09/19/2019
C6320	2.10.5	09/10/2019
XC6320	2.10.5	09/10/2019
C6320P	2.2.0	09/10/2019
T30	1.1.0	09/10/2019
DSS1500, DSS1510, DSS2500	2.10.3	06/27/2019
DSS7500	2.10.3	09/2019

 

R920	1.9.0	10/1/2019
R820	2.6.0	09/24/2019
R520	2.7.0	09/19/2019
R420	2.7.0	09/19/2019
R320, NX400	2.7.0	09/19/2019
T420	2.7.0	09/19/2019
T320	2.7.0	09/19/2019
R220	1.11.0	09/25/2019
R720, R720XD, NX3200, XC720XD	2.8.0	10/1/2019
R620, NX3300	2.8.0	09/09/2019
M820	2.8.0	09/09/2019
M620	2.8.0	09/09/2019
M520	2.8.0	09/09/2019
M420	2.8.0	09/09/2019
T620	2.8.0	09/19/2019
T20	A20	09/06/2019
C5230	1.5.0	09/19/2019
C6220	2.5.7	09/19/2019
C6220II	2.10.0	09/19/2019
C8220, C8220X	2.10.0	09/19/2019