[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us
Version: 7

HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel,
AMD, and ARM, with Speculative Execution, Elevation of Privilege and
Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-01-23
Last Updated: 2018-01-22

Potential Security Impact: Local: Disclosure of Information, Elevation of
Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
On January 3 2018, side-channel security vulnerabilities involving
speculative execution were publicly disclosed. These vulnerabilities may
impact the listed HPE products, potentially leading to information disclosure
and elevation of privilege. Mitigation and resolution of these
vulnerabilities may call for both an operating system update, provided by the
OS vendor, and a system ROM update from HPE.


**Note:**

  * This issue takes advantage of techniques commonly used in many modern
processor architectures.  
  * For further information, microprocessor vendors have provided security
advisories:
  
    - Intel:
<https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu
geid=en-fr>
    - AMD: <http://www.amd.com/en/corporate/speculative-execution>
    - ARM: <https://developer.arm.com/support/security-update>

References:

  - CVE-2017-5715 - aka Spectre, branch target injection
  - CVE-2017-5753 - aka Spectre,  bounds check bypass
  - CVE-2017-5754 - aka  Meltdown,  rogue data cache load, memory access
permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - HPE ProLiant DL380 Gen10 Server  - To be delivered
  - HPE ProLiant DL180 Gen10 Server  - To be delivered
  - HPE ProLiant DL160 Gen10 Server  - To be delivered
  - HPE ProLiant DL360 Gen10 Server - To be delivered
  - HPE ProLiant ML110 Gen10 Server  - To be delivered
  - HPE ProLiant DL580 Gen10 Server  - To be delivered
  - HPE ProLiant DL560 Gen10 Server  - To be delivered
  - HPE ProLiant DL120 Gen10 Server  - To be delivered
  - HPE ProLiant ML350 Gen10 Server  - To be delivered
  - HPE ProLiant XL450 Gen10 Server  - To be delivered
  - HPE Synergy 660 Gen10 Compute Module  - To be delivered
  - HPE ProLiant DL385 Gen10 Server - prior to v1.04 
  - HPE ProLiant XL170r Gen10 Server  - To be delivered
  - HPE ProLiant BL460c Gen10 Server Blade  - To be delivered
  - HPE ProLiant XL190r Gen10 Server  - To be delivered
  - HPE ProLiant XL230k Gen10 Server  - To be delivered
  - HPE Synergy 480 Gen10 Compute Module  - To be delivered
  - HPE ProLiant XL730f Gen9 Server  - To be delivered
  - HPE ProLiant XL230a Gen9 Server  - To be delivered
  - HPE ProLiant XL740f Gen9 Server  - To be delivered
  - HPE ProLiant XL750f Gen9 Server  - To be delivered
  - HPE ProLiant XL170r Gen9 Server - To be delivered
  - HP ProLiant DL60 Gen9 Server - To be delivered
  - HP ProLiant DL160 Gen9 Server - To be delivered
  - HPE ProLiant DL360 Gen9 Server - To be delivered
  - HP ProLiant DL380 Gen9 Server - To be delivered
  - HPE ProLiant XL450 Gen9 Server - To be delivered
  - HPE Apollo 4200 Gen9 Server - To be delivered
  - HP ProLiant BL460c Gen9 Server Blade - To be delivered
  - HP ProLiant ML110 Gen9 Server - To be delivered
  - HP ProLiant ML150 Gen9 Server - To be delivered
  - HPE ProLiant ML350 Gen9 Server - To be delivered
  - HP ProLiant DL120 Gen9 Server - To be delivered
  - HPE ProLiant DL560 Gen9 Server - To be delivered
  - HP ProLiant BL660c Gen9 Server - To be delivered
  - HPE ProLiant ML30 Gen9 Server - To be delivered
  - HPE ProLiant XL170r Gen10 Server - To be delivered
  - HPE ProLiant DL20 Gen9 Server - To be delivered
  - HPE Synergy 660 Gen9 Compute Module - To be delivered
  - HPE Synergy 480 Gen9 Compute Module - To be delivered
  - HPE ProLiant XL250a Gen9 Server - To be delivered
  - HPE ProLiant XL190r Gen9 Server - To be delivered
  - HP ProLiant DL80 Gen9 Server - To be delivered
  - HPE ProLiant DL180 Gen9 Server - To be delivered
  - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server -
To be delivered
  - HPE ProLiant WS460c Gen9 Workstation - To be delivered
  - HPE ProLiant XL260a Gen9 Server - To be delivered
  - HPE Synergy 620 Gen9 Compute Module - To be delivered
  - HPE ProLiant DL580 Gen9 Server - To be delivered
  - HP ProLiant XL220a Gen8 v2 Server - To be delivered
  - HPE Synergy 680 Gen9 Compute Module - To be delivered
  - HPE ProLiant m510 Server Cartridge - To be delivered
  - HPE ProLiant m710p Server Cartridge - To be delivered
  - HPE ProLiant m710x Server Cartridge - To be delivered
  - HP ProLiant m710 Server Cartridge - To be delivered
  - HP ProLiant DL980 G7 Server - To be delivered
  - HPE Synergy Composer - To be delivered
  - HPE ProLiant Thin Micro TM200 Server - To be delivered
  - HPE ProLiant ML10 v2 Server - To be delivered
  - HPE ProLiant m350 Server Cartridge - To be delivered
  - HPE ProLiant m300 Server Cartridge - To be delivered
  - HPE ProLiant MicroServer Gen8 - To be delivered
  - HPE ProLiant ML310e Gen8 v2 Server - To be delivered
  - HPE Superdome Flex Server - To be delivered
  - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted
  - HPE StoreVirtual 3000 File Controller - To be delivered
  - HPE StoreEasy 1450 Storage - To be delivered
  - HPE StoreEasy 1550 Storage - To be delivered
  - HPE StoreEasy 1650 Storage - To be delivered
  - HPE StoreEasy 3850 Gateway Storage - To be delivered
  - HPE StoreEasy 1850 Storage - To be delivered
  - HP ConvergedSystem 700 - To be delivered
  - HPE Converged Architecture 700 - To be delivered
  - HP ProLiant DL580 Gen8 Server - To be delivered
  - HPE Cloudline CL2100 Gen10 Server - To be delivered
  - HPE Cloudline CL2200 Gen10 Server - To be delivered
  - HPE Cloudline CL3150 G4 Server - To be delivered
  - HPE Cloudline CL5200 G3 Server - To be delivered
  - HPE Cloudline CL3100 G3 Server - To be delivered
  - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be
delivered
  - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be
delivered
  - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be
delivered
  - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be
delivered

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2017-5715
      8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
      6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

    CVE-2017-5753
      5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
      5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

    CVE-2017-5754
      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
      7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

On January 11, Intel announced issues with an increased frequency of reboots
when using the microcodes they released to address Variant 2 of the Spectre
Vulnerability for numerous processors including Broadwell, Haswell, Skylake,
Kaby Lake, Ivybridge, and Sandybridge processors.  Intel has now identified
the root cause of these issues and determined that these microcodes may
introduce reboots and other unpredictable system behavior.  Due to the
severity of the potential issues that may occur when using these microcodes,
Intel is now recommending that customers discontinue their use.  Additional
information is available from Intels Security Exploit Newsroom here:
<https://newsroom.intel.com/press-kits/security-exploits-intel-products/> . 
HPE is in alignment with Intel in our recommendation that customers
discontinue use of System ROMs including impacted microcodes and revert to
earlier System ROM versions.  

All System ROMs including impacted microcodes have been removed from the HPE
Support Site.  This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2
servers as well as HPE Superdome servers for which updated System ROMs had
previously been made available.  Intel is working on updated microcodes to
address these issues, and HPE will validate updated System ROMs including
these microcodes and make them available to our customers in the coming
weeks.  

Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities
require only OS updates and are not impacted.

  * HPE has provided a customer bulletin
<https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us>
with specific instructions to obtain the udpated sytem ROM
  
  - Note:
   
    + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a
vendor supplied operating system update be applied as well.
    + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only
updates of a vendor supplied operating system.
    + HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added  more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Version:6 (rev.6) - 19 January 2018 updated impacted product list

Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for
System ROM updates per Intel's guidance on microcode issues


Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@xxxxxxx.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-alert@xxxxxxx

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJaZmndAAoJELXhAxt7SZai9L8H/2snIlz/5gjgRTTCCcGjoa7j
oa/PvcBPTqj+SD24B4XK8VY7X7bOU4GUPPMqDcoEpfdg1cNcEir94HYH2ATTMIFb
xQL/cHssrXin9qpGOr8WQvN1438f0nUTL9j02JnI7yECy/HbrOuS8te/wjGNXfei
a8XKWgdvpe5zkv+lIknYkp0U60XE6H47Ts+NnxMOmyMYaMDLFX6gPH0bsWvmPNbA
BVgUZumbCaQEOG/ZeMRDSuEs8zJ5L96EtihoeBYLr7OAfjUPnhqRs2CJWNXzBd7f
DUYirDEwaRgcHIIGdbwITmIFnkmoezbBDQTTNnzAKw0fMbm5WH6107cZl/j9IjI=
=ljP8
-----END PGP SIGNATURE-----




[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux