BugTraq
[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. Jan 22 2018 10:47PM
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 7

HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel,

AMD, and ARM, with Speculative Execution, Elevation of Privilege and

Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as

soon as possible.

Release Date: 2018-01-23

Last Updated: 2018-01-22

Potential Security Impact: Local: Disclosure of Information, Elevation of

Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY

On January 3 2018, side-channel security vulnerabilities involving

speculative execution were publicly disclosed. These vulnerabilities may

impact the listed HPE products, potentially leading to information disclosure

and elevation of privilege. Mitigation and resolution of these

vulnerabilities may call for both an operating system update, provided by the

OS vendor, and a system ROM update from HPE.

**Note:**

* This issue takes advantage of techniques commonly used in many modern

processor architectures.

* For further information, microprocessor vendors have provided security

advisories:

- Intel:

<https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&
langu

geid=en-fr>

- AMD: <http://www.amd.com/en/corporate/speculative-execution>

- ARM: <https://developer.arm.com/support/security-update>

References:

- CVE-2017-5715 - aka Spectre, branch target injection

- CVE-2017-5753 - aka Spectre, bounds check bypass

- CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access

permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

- HPE ProLiant DL380 Gen10 Server - To be delivered

- HPE ProLiant DL180 Gen10 Server - To be delivered

- HPE ProLiant DL160 Gen10 Server - To be delivered

- HPE ProLiant DL360 Gen10 Server - To be delivered

- HPE ProLiant ML110 Gen10 Server - To be delivered

- HPE ProLiant DL580 Gen10 Server - To be delivered

- HPE ProLiant DL560 Gen10 Server - To be delivered

- HPE ProLiant DL120 Gen10 Server - To be delivered

- HPE ProLiant ML350 Gen10 Server - To be delivered

- HPE ProLiant XL450 Gen10 Server - To be delivered

- HPE Synergy 660 Gen10 Compute Module - To be delivered

- HPE ProLiant DL385 Gen10 Server - prior to v1.04

- HPE ProLiant XL170r Gen10 Server - To be delivered

- HPE ProLiant BL460c Gen10 Server Blade - To be delivered

- HPE ProLiant XL190r Gen10 Server - To be delivered

- HPE ProLiant XL230k Gen10 Server - To be delivered

- HPE Synergy 480 Gen10 Compute Module - To be delivered

- HPE ProLiant XL730f Gen9 Server - To be delivered

- HPE ProLiant XL230a Gen9 Server - To be delivered

- HPE ProLiant XL740f Gen9 Server - To be delivered

- HPE ProLiant XL750f Gen9 Server - To be delivered

- HPE ProLiant XL170r Gen9 Server - To be delivered

- HP ProLiant DL60 Gen9 Server - To be delivered

- HP ProLiant DL160 Gen9 Server - To be delivered

- HPE ProLiant DL360 Gen9 Server - To be delivered

- HP ProLiant DL380 Gen9 Server - To be delivered

- HPE ProLiant XL450 Gen9 Server - To be delivered

- HPE Apollo 4200 Gen9 Server - To be delivered

- HP ProLiant BL460c Gen9 Server Blade - To be delivered

- HP ProLiant ML110 Gen9 Server - To be delivered

- HP ProLiant ML150 Gen9 Server - To be delivered

- HPE ProLiant ML350 Gen9 Server - To be delivered

- HP ProLiant DL120 Gen9 Server - To be delivered

- HPE ProLiant DL560 Gen9 Server - To be delivered

- HP ProLiant BL660c Gen9 Server - To be delivered

- HPE ProLiant ML30 Gen9 Server - To be delivered

- HPE ProLiant XL170r Gen10 Server - To be delivered

- HPE ProLiant DL20 Gen9 Server - To be delivered

- HPE Synergy 660 Gen9 Compute Module - To be delivered

- HPE Synergy 480 Gen9 Compute Module - To be delivered

- HPE ProLiant XL250a Gen9 Server - To be delivered

- HPE ProLiant XL190r Gen9 Server - To be delivered

- HP ProLiant DL80 Gen9 Server - To be delivered

- HPE ProLiant DL180 Gen9 Server - To be delivered

- HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server -

To be delivered

- HPE ProLiant WS460c Gen9 Workstation - To be delivered

- HPE ProLiant XL260a Gen9 Server - To be delivered

- HPE Synergy 620 Gen9 Compute Module - To be delivered

- HPE ProLiant DL580 Gen9 Server - To be delivered

- HP ProLiant XL220a Gen8 v2 Server - To be delivered

- HPE Synergy 680 Gen9 Compute Module - To be delivered

- HPE ProLiant m510 Server Cartridge - To be delivered

- HPE ProLiant m710p Server Cartridge - To be delivered

- HPE ProLiant m710x Server Cartridge - To be delivered

- HP ProLiant m710 Server Cartridge - To be delivered

- HP ProLiant DL980 G7 Server - To be delivered

- HPE Synergy Composer - To be delivered

- HPE ProLiant Thin Micro TM200 Server - To be delivered

- HPE ProLiant ML10 v2 Server - To be delivered

- HPE ProLiant m350 Server Cartridge - To be delivered

- HPE ProLiant m300 Server Cartridge - To be delivered

- HPE ProLiant MicroServer Gen8 - To be delivered

- HPE ProLiant ML310e Gen8 v2 Server - To be delivered

- HPE Superdome Flex Server - To be delivered

- HP 3PAR StoreServ File Controller - To be delivered - v3 impacted

- HPE StoreVirtual 3000 File Controller - To be delivered

- HPE StoreEasy 1450 Storage - To be delivered

- HPE StoreEasy 1550 Storage - To be delivered

- HPE StoreEasy 1650 Storage - To be delivered

- HPE StoreEasy 3850 Gateway Storage - To be delivered

- HPE StoreEasy 1850 Storage - To be delivered

- HP ConvergedSystem 700 - To be delivered

- HPE Converged Architecture 700 - To be delivered

- HP ProLiant DL580 Gen8 Server - To be delivered

- HPE Cloudline CL2100 Gen10 Server - To be delivered

- HPE Cloudline CL2200 Gen10 Server - To be delivered

- HPE Cloudline CL3150 G4 Server - To be delivered

- HPE Cloudline CL5200 G3 Server - To be delivered

- HPE Cloudline CL3100 G3 Server - To be delivered

- HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be

delivered

- HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be

delivered

- HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be

delivered

- HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be

delivered

BACKGROUND

CVSS Base Metrics

=================

Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5715

8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

CVE-2017-5753

5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE-2017-5754

7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Information on CVSS is documented in

HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c013454
99

RESOLUTION

On January 11, Intel announced issues with an increased frequency of reboots

when using the microcodes they released to address Variant 2 of the Spectre

Vulnerability for numerous processors including Broadwell, Haswell, Skylake,

Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified

the root cause of these issues and determined that these microcodes may

introduce reboots and other unpredictable system behavior. Due to the

severity of the potential issues that may occur when using these microcodes,

Intel is now recommending that customers discontinue their use. Additional

information is available from Intels Security Exploit Newsroom here:

<https://newsroom.intel.com/press-kits/security-exploits-intel-products/
> .

HPE is in alignment with Intel in our recommendation that customers

discontinue use of System ROMs including impacted microcodes and revert to

earlier System ROM versions.

All System ROMs including impacted microcodes have been removed from the HPE

Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2

servers as well as HPE Superdome servers for which updated System ROMs had

previously been made available. Intel is working on updated microcodes to

address these issues, and HPE will validate updated System ROMs including

these microcodes and make them available to our customers in the coming

weeks.

Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities

require only OS updates and are not impacted.

* HPE has provided a customer bulletin

<https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267e
n_us>

with specific instructions to obtain the udpated sytem ROM

- Note:

+ CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a

vendor supplied operating system update be applied as well.

+ For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only

updates of a vendor supplied operating system.

+ HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Version:6 (rev.6) - 19 January 2018 updated impacted product list

Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for

System ROM updates per Intel's guidance on microcode issues

Third Party Security Patches: Third party security patches that are to be

installed on systems running Hewlett Packard Enterprise (HPE) software

products should be applied in accordance with the customer's patch management

policy.

Support: For issues about implementing the recommendations of this Security

Bulletin, contact normal HPE Services support channel. For other issues about

the content of this Security Bulletin, send e-mail to security-alert (at) hpe (dot) com. [email concealed]

Report: To report a potential security vulnerability for any HPE supported

product:

Web form: https://www.hpe.com/info/report-security-vulnerability

Email: security-alert (at) hpe (dot) com [email concealed]

Subscribe: To initiate a subscription to receive future HPE Security Bulletin

alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is

available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in

the title by the two characters following HPSB.

3C = 3COM

3P = 3rd Party Software

GN = HPE General Software

HF = HPE Hardware and Firmware

MU = Multi-Platform Software

NS = NonStop Servers

OV = OpenVMS

PV = ProCurve

ST = Storage Software

UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial

errors or omissions contained herein. The information provided is provided

"as is" without warranty of any kind. To the extent permitted by law, neither

HP or its affiliates, subcontractors or suppliers will be liable for

incidental,special or consequential damages including downtime cost; lost

profits; damages relating to the procurement of substitute products or

services; or damages for loss of data, or software restoration. The

information in this document is subject to change without notice. Hewlett

Packard Enterprise and the names of Hewlett Packard Enterprise products

referenced herein are trademarks of Hewlett Packard Enterprise in the United

States and other countries. Other product and company names mentioned herein

may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJaZmndAAoJELXhAxt7SZai9L8H/2snIlz/5gjgRTTCCcGjoa7j
oa/PvcBPTqj+SD24B4XK8VY7X7bOU4GUPPMqDcoEpfdg1cNcEir94HYH2ATTMIFb
xQL/cHssrXin9qpGOr8WQvN1438f0nUTL9j02JnI7yECy/HbrOuS8te/wjGNXfei
a8XKWgdvpe5zkv+lIknYkp0U60XE6H47Ts+NnxMOmyMYaMDLFX6gPH0bsWvmPNbA
BVgUZumbCaQEOG/ZeMRDSuEs8zJ5L96EtihoeBYLr7OAfjUPnhqRs2CJWNXzBd7f
DUYirDEwaRgcHIIGdbwITmIFnkmoezbBDQTTNnzAKw0fMbm5WH6107cZl/j9IjI=
=ljP8
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus