-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 7 HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-01-23 Last Updated: 2018-01-22 Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server - To be delivered - HPE ProLiant DL180 Gen10 Server - To be delivered - HPE ProLiant DL160 Gen10 Server - To be delivered - HPE ProLiant DL360 Gen10 Server - To be delivered - HPE ProLiant ML110 Gen10 Server - To be delivered - HPE ProLiant DL580 Gen10 Server - To be delivered - HPE ProLiant DL560 Gen10 Server - To be delivered - HPE ProLiant DL120 Gen10 Server - To be delivered - HPE ProLiant ML350 Gen10 Server - To be delivered - HPE ProLiant XL450 Gen10 Server - To be delivered - HPE Synergy 660 Gen10 Compute Module - To be delivered - HPE ProLiant DL385 Gen10 Server - prior to v1.04 - HPE ProLiant XL170r Gen10 Server - To be delivered - HPE ProLiant BL460c Gen10 Server Blade - To be delivered - HPE ProLiant XL190r Gen10 Server - To be delivered - HPE ProLiant XL230k Gen10 Server - To be delivered - HPE Synergy 480 Gen10 Compute Module - To be delivered - HPE ProLiant XL730f Gen9 Server - To be delivered - HPE ProLiant XL230a Gen9 Server - To be delivered - HPE ProLiant XL740f Gen9 Server - To be delivered - HPE ProLiant XL750f Gen9 Server - To be delivered - HPE ProLiant XL170r Gen9 Server - To be delivered - HP ProLiant DL60 Gen9 Server - To be delivered - HP ProLiant DL160 Gen9 Server - To be delivered - HPE ProLiant DL360 Gen9 Server - To be delivered - HP ProLiant DL380 Gen9 Server - To be delivered - HPE ProLiant XL450 Gen9 Server - To be delivered - HPE Apollo 4200 Gen9 Server - To be delivered - HP ProLiant BL460c Gen9 Server Blade - To be delivered - HP ProLiant ML110 Gen9 Server - To be delivered - HP ProLiant ML150 Gen9 Server - To be delivered - HPE ProLiant ML350 Gen9 Server - To be delivered - HP ProLiant DL120 Gen9 Server - To be delivered - HPE ProLiant DL560 Gen9 Server - To be delivered - HP ProLiant BL660c Gen9 Server - To be delivered - HPE ProLiant ML30 Gen9 Server - To be delivered - HPE ProLiant XL170r Gen10 Server - To be delivered - HPE ProLiant DL20 Gen9 Server - To be delivered - HPE Synergy 660 Gen9 Compute Module - To be delivered - HPE Synergy 480 Gen9 Compute Module - To be delivered - HPE ProLiant XL250a Gen9 Server - To be delivered - HPE ProLiant XL190r Gen9 Server - To be delivered - HP ProLiant DL80 Gen9 Server - To be delivered - HPE ProLiant DL180 Gen9 Server - To be delivered - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered - HPE ProLiant WS460c Gen9 Workstation - To be delivered - HPE ProLiant XL260a Gen9 Server - To be delivered - HPE Synergy 620 Gen9 Compute Module - To be delivered - HPE ProLiant DL580 Gen9 Server - To be delivered - HP ProLiant XL220a Gen8 v2 Server - To be delivered - HPE Synergy 680 Gen9 Compute Module - To be delivered - HPE ProLiant m510 Server Cartridge - To be delivered - HPE ProLiant m710p Server Cartridge - To be delivered - HPE ProLiant m710x Server Cartridge - To be delivered - HP ProLiant m710 Server Cartridge - To be delivered - HP ProLiant DL980 G7 Server - To be delivered - HPE Synergy Composer - To be delivered - HPE ProLiant Thin Micro TM200 Server - To be delivered - HPE ProLiant ML10 v2 Server - To be delivered - HPE ProLiant m350 Server Cartridge - To be delivered - HPE ProLiant m300 Server Cartridge - To be delivered - HPE ProLiant MicroServer Gen8 - To be delivered - HPE ProLiant ML310e Gen8 v2 Server - To be delivered - HPE Superdome Flex Server - To be delivered - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted - HPE StoreVirtual 3000 File Controller - To be delivered - HPE StoreEasy 1450 Storage - To be delivered - HPE StoreEasy 1550 Storage - To be delivered - HPE StoreEasy 1650 Storage - To be delivered - HPE StoreEasy 3850 Gateway Storage - To be delivered - HPE StoreEasy 1850 Storage - To be delivered - HP ConvergedSystem 700 - To be delivered - HPE Converged Architecture 700 - To be delivered - HP ProLiant DL580 Gen8 Server - To be delivered - HPE Cloudline CL2100 Gen10 Server - To be delivered - HPE Cloudline CL2200 Gen10 Server - To be delivered - HPE Cloudline CL3150 G4 Server - To be delivered - HPE Cloudline CL5200 G3 Server - To be delivered - HPE Cloudline CL3100 G3 Server - To be delivered - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: <https://newsroom.intel.com/press-kits/security-exploits-intel-products/> . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted. * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. HISTORY Version:1 (rev.1) - 4 January 2018 Initial release Version:2 (rev.2) - 5 January 2018 Added additional impacted products Version:3 (rev.3) - 10 January 2018 Added more impacted products Version:4 (rev.4) - 9 January 2018 Fixed product ID Version:5 (rev.5) - 18 January 2018 Added additional impacted products Version:6 (rev.6) - 19 January 2018 updated impacted product list Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@xxxxxxx. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@xxxxxxx Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJaZmndAAoJELXhAxt7SZai9L8H/2snIlz/5gjgRTTCCcGjoa7j oa/PvcBPTqj+SD24B4XK8VY7X7bOU4GUPPMqDcoEpfdg1cNcEir94HYH2ATTMIFb xQL/cHssrXin9qpGOr8WQvN1438f0nUTL9j02JnI7yECy/HbrOuS8te/wjGNXfei a8XKWgdvpe5zkv+lIknYkp0U60XE6H47Ts+NnxMOmyMYaMDLFX6gPH0bsWvmPNbA BVgUZumbCaQEOG/ZeMRDSuEs8zJ5L96EtihoeBYLr7OAfjUPnhqRs2CJWNXzBd7f DUYirDEwaRgcHIIGdbwITmIFnkmoezbBDQTTNnzAKw0fMbm5WH6107cZl/j9IjI= =ljP8 -----END PGP SIGNATURE-----