DSA-2019-044: Dell EMC CloudBoost Virtual Appliance Update for Multiple Multiprocessor Side-Channel Vulnerabilities

This advisory addresses the following vulnerabilities:  

• L1 Terminal Fault: SGX
  CVE-2018-3615

• L1 Terminal Fault: OS/SMM
  CVE-2018-3620

• Rogue System Register Read (RSRE)   also known as Variant 3a
  CVE-2018-3640

• L1 Terminal Fault: VMM
  CVE-2018-3646

For more information, please review Intel s security advisories INTEL-SA-00115 and INTEL-SA-00161.

See NVD (http://nvd.nist.gov/) for individual scores for each CVE
 

Affected products: 
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.1
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.2
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 2.2.3 or earlier
Dell EMC Software: Dell EMC Networker with CloudBoost Physical Appliance 2.2.3 or earlier

Remediation:
The following Dell EMC CloudBoost Virtual Appliance release addresses these vulnerabilities: 

• Dell EMC CloudBoost Virtual Appliance 18.2.0.1

Dell EMC recommends all customers upgrade at the earliest opportunity.

Dell recommends customers to follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

For more information and access to the various CloudBoost releases, see

• Dell EMC CloudBoost Virtual Appliance:   https://support.emc.com/downloads/38770_CloudBoost-Virtual-Appliance 

Note: CloudBoost Physical Appliance customers interested in receiving security updates should contact customer support to migrate to the CloudBoost Virtual Appliance.  The CloudBoost Virtual Appliance 2.2.3 (or prior) customers should contact customer support to migrate to CloudBoost Virtual Appliance 18.x.