BugTraq
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. Jan 17 2018 10:25PM
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 5

HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel,

AMD, and ARM, with Speculative Execution, Elevation of Privilege and

Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as

soon as possible.

Release Date: 2018-01-18

Last Updated: 2018-01-17

Potential Security Impact: Local: Disclosure of Information, Elevation of

Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY

On January 3 2018, side-channel security vulnerabilities involving

speculative execution were publicly disclosed. These vulnerabilities may

impact the listed HPE products, potentially leading to information disclosure

and elevation of privilege. Mitigation and resolution of these

vulnerabilities may call for both an operating system update, provided by the

OS vendor, and a system ROM update from HPE.

**Note:**

* This issue takes advantage of techniques commonly used in many modern

processor architectures.

* For further information, microprocessor vendors have provided security

advisories:

- Intel:

<https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&
langu

geid=en-fr>

- AMD: <http://www.amd.com/en/corporate/speculative-execution>

- ARM: <https://developer.arm.com/support/security-update>

References:

- PSRT110635

- PSRT110634

- PSRT110633

- PSRT110632

- CVE-2017-5715 - aka Spectre, branch target injection

- CVE-2017-5753 - aka Spectre, bounds check bypass

- CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access

permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

- HPE ProLiant DL380 Gen10 Server prior to v1.28

- HPE ProLiant DL180 Gen10 Server prior to v1.28

- HPE ProLiant DL160 Gen10 Server prior to v1.28

- HPE ProLiant DL360 Gen10 Server prior to v1.28

- HPE ProLiant ML110 Gen10 Server prior to v1.28

- HPE ProLiant DL580 Gen10 Server prior to v1.28

- HPE ProLiant DL560 Gen10 Server prior to v1.28

- HPE ProLiant DL120 Gen10 Server prior to v1.28

- HPE ProLiant ML350 Gen10 Server prior to v1.28

- HPE ProLiant XL450 Gen10 Server prior to v1.28

- HPE Synergy 660 Gen10 Compute Module prior to v1.28

- HPE ProLiant XL170r Gen10 Server prior to v1.28

- HPE ProLiant BL460c Gen10 Server Blade prior to v1.28

- HPE ProLiant XL190r Gen10 Server prior to v1.28

- HPE ProLiant XL230k Gen10 Server prior to v1.28

- HPE ProLiant DL385 Gen10 Server prior to v1.04

- HPE Synergy 480 Gen10 Compute Module prior to v1.28

- HPE ProLiant ML350 Gen10 Server prior to v1.28

- HPE ProLiant XL730f Gen9 Server To be delivered

- HPE ProLiant XL230a Gen9 Server To be delivered

- HPE ProLiant XL740f Gen9 Server To be delivered

- HPE ProLiant XL750f Gen9 Server To be delivered

- HPE ProLiant XL170r Gen9 Server To be delivered

- HP ProLiant DL60 Gen9 Server To be delivered

- HPE ProLiant XL450 Gen9 Server To be delivered

- HP ProLiant DL160 Gen9 Server To be delivered

- HPE Apollo 4200 Gen9 Server To be delivered

- HP ProLiant BL460c Gen9 Server Blade To be delivered

- HP ProLiant ML110 Gen9 Server To be delivered

- HP ProLiant ML150 Gen9 Server To be delivered

- HPE ProLiant ML350 Gen9 Server To be delivered

- HP ProLiant DL380 Gen9 Server To be delivered

- HP ProLiant DL120 Gen9 Server To be delivered

- HPE ProLiant DL560 Gen9 Server To be delivered

- HP ProLiant BL660c Gen9 Server To be delivered

- HPE ProLiant DL20 Gen9 Server To be delivered

- HPE Synergy 660 Gen9 Compute Module To be delivered

- HPE Synergy 480 Gen9 Compute Module To be delivered

- HPE ProLiant ML30 Gen9 Server To be delivered

- HPE ProLiant XL250a Gen9 Server To be delivered

- HPE ProLiant XL190r Gen9 Server To be delivered

- HP ProLiant DL80 Gen9 Server To be delivered

- HPE ProLiant DL180 Gen9 Server To be delivered

- HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server To

be delivered

- HPE ProLiant WS460c Gen9 Workstation To be delivered

- HPE ProLiant XL260a Gen9 Server To be delivered

- HPE Synergy 620 Gen9 Compute Module To be delivered

- HPE ProLiant DL580 Gen9 Server To be delivered

- HPE Synergy 680 Gen9 Compute Module To be delivered

- HPE ProLiant m510 Server Cartridge prior to v1.62

- HPE ProLiant m710p Server Cartridge prior to v12/12/2017

- HPE ProLiant m710x Server Cartridge prior to v1.60

- HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60)

- HPE Synergy Composer prior to 12/12/2017

- HPE Integrity Superdome X with BL920s Blades prior to 8.8.6

- HP ProLiant DL360 Gen9 Server prior to 2.3.110

- HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017

- HPE ProLiant ML10 v2 Server prior to 12/12/2017

- HPE ProLiant m350 Server Cartridge prior to v1/15/2018

- HPE ProLiant m300 Server Cartridge prior to v1/15/2018

- HPE ProLiant MicroServer Gen8 prior to 12/12/2017

- HPE ProLiant ML310e Gen8 v2 Server prior to v12/12/2017

BACKGROUND

CVSS Base Metrics

=================

Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5715

8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

CVE-2017-5753

5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE-2017-5754

7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Information on CVSS is documented in

HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c013454
99

RESOLUTION

HPE has made the following system ROM updates which include an updated

microcode to resolve the vulnerability:

* HPE has provided a customer bulletin

<https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267e
n_us>

with specific instructions to obtain the udpated sytem ROM

- Note:

+ CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a

vendor supplied operating system update be applied as well.

+ For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only

updates of a vendor supplied operating system.

+ HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Third Party Security Patches: Third party security patches that are to be

installed on systems running Hewlett Packard Enterprise (HPE) software

products should be applied in accordance with the customer's patch management

policy.

Support: For issues about implementing the recommendations of this Security

Bulletin, contact normal HPE Services support channel. For other issues about

the content of this Security Bulletin, send e-mail to security-alert (at) hpe (dot) com. [email concealed]

Report: To report a potential security vulnerability for any HPE supported

product:

Web form: https://www.hpe.com/info/report-security-vulnerability

Email: security-alert (at) hpe (dot) com [email concealed]

Subscribe: To initiate a subscription to receive future HPE Security Bulletin

alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is

available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in

the title by the two characters following HPSB.

3C = 3COM

3P = 3rd Party Software

GN = HPE General Software

HF = HPE Hardware and Firmware

MU = Multi-Platform Software

NS = NonStop Servers

OV = OpenVMS

PV = ProCurve

ST = Storage Software

UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial

errors or omissions contained herein. The information provided is provided

"as is" without warranty of any kind. To the extent permitted by law, neither

HP or its affiliates, subcontractors or suppliers will be liable for

incidental,special or consequential damages including downtime cost; lost

profits; damages relating to the procurement of substitute products or

services; or damages for loss of data, or software restoration. The

information in this document is subject to change without notice. Hewlett

Packard Enterprise and the names of Hewlett Packard Enterprise products

referenced herein are trademarks of Hewlett Packard Enterprise in the United

States and other countries. Other product and company names mentioned herein

may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJaX809AAoJELXhAxt7SZai9C8H/irLiLD9JNMwI+j9jHL4pHZD
2BxfUshV8rkgezqbXe4VWz2QgZDuV6M20ImKs5lLvaQdLYSe2XCZDW7vFqm0AeAW
T4wg9wL4OCo9hLy9xMtWpTL1rcfua0axuXijQZK/TdmPPeus72vqRIzEvROa3T8E
A85yt8bSQBznw1mBat0BE6rTqXj0mNI08Xc1Q5Ayco4qNbPU4lgWmw67hu0YViGN
/8dgUiqhfqmgL4HRYcx7PK78UzvojZX9ZjBvdr6nshknoKwSA9AmwIhMVYE7VOf3
F1PxcJrR9dLH0sqh/JpQnxckGrlTVeoVhqs6+4JmfliO6+Tw5ZNspxwUBE5jO98=
=mOku
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus