Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Document Version Release Date Details 6 07/02/2018 Updated the document with details on the newly available System ROM fixes for Gen10, Gen9, Gen8, G7 and G6 systems. 5 06/15/2018 Updated the Scope section to indicate that the Intel Phi 7200-series processor is not impacted by this issue. 4 06/12/2018 Updated Resolution section with details on the newly available versions of the System ROM fixes for Gen9 platforms and the ProLiant DL580 Gen8 server, and updated the expected ROM timeframe for Gen10 systems. 3 05/30/2018 Added more information on ROM fix availability for Gen10 platforms 2 05/24/2018 Updated Resolution with information on when the System ROM fixes will be available 1 05/21/2018 Original document release On May 21, 2018, industry-wide vulnerabilities were disclosed that involve modern microprocessor architectures. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. At this time, this vulnerability is known as Speculative Store Bypass or Variant 4 (CVE-2018-3639). While this vulnerability shares many similarities with the recently disclosed Side-Channel Analysis Method , also known as Spectre and Meltdown, this is a new vulnerability requiring new and unique mitigations. The Speculative Store Bypass or Variant 4 vulnerability impacts microprocessor architectures from multiple CPU vendors, including Intel and AMD. To address this vulnerability, hardware and software vendors from across the industry, including HPE, have been working together to develop mitigation strategies. Mitigation for Intel-based products requires both OS updates and System ROM updates that include a new Intel microcode. Mitigation for AMD-based products only requires an OS update. In addition, on May 21, 2018, another vulnerability was disclosed, referred to as Rogue Register Load or Variant 3A (CVE-2018-3640)that allows an attacker to improperly access processor registers. This vulnerability impacts Intel-based products only. Mitigation for this vulnerability requires only a System ROM update that includes a new Intel microcode. The same microcode required for mitigation of Speculative Store Bypass or Variant 4 will also mitigate Rogue Register Load or Variant 3A. An attack that exploits these vulnerabilities requires malicious code to run on the system. Therefore, it is important to practice good security practices, including always keeping your software and firmware current, which can reduce exposure to these vulnerabilities. The below table provides information on these vulnerabilities: Vulnerability CVE Number Microcode Required? OS/Hypervisor Changes Required? Impacted Processor Vendor Found by? Variant 4 – Speculative Store Bypass CVE-2018-3639 Yes Yes Intel and AMD Google Project Zero Variant 3a – Rogue Register Load (Intel Found) CVE-2018-3640 Yes No Intel Intel Intel Statements: Intel Blog Intel Security First Website Intel Software Side Channel Security Site Intel Security Advisory INTEL-SA-00115
The following indicates HPE ProLiant and Synergy servers that are impacted by these issues. For Intel-based servers, HPE plans to release System ROMs that include the microcodes required for mitigation for the Variant 4 and Variant 3A vulnerabilities, when available from Intel. Intel has informed HPE that Itanium is not impacted by these vulnerabilities. NOTE: the Intel Phi 7200-series processor is not impacted by this issue. Server(s) ProLiant DL380 Gen10 ProLiant DL160 Gen10, ProLiant DL180 Gen10 ProLiant DL360 Gen10 ProLiant ML110 Gen10 ProLiant DL560 Gen10, ProLiant DL580 Gen10 ProLiant DL120 Gen10 ProLiant XL230k Gen10 ProLiant XL170r Gen10, ProLiant XL190r Gen10 ProLiant XL450 Gen10 ProLiant ML350 Gen10 ProLiant BL460c Gen10 HPE Synergy SY480 Gen10 HPE Synergy 660 Gen10 ProLiant XL230a Gen9, ProLiant XL250a Gen9 ProLiant XL170r Gen9, ProLiant XL190r Gen9 ProLiant DL60 Gen9, ProLiant DL80 Gen9 ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9 HPE Apollo 4200 Gen9 ProLiant DL160 Gen9, ProLiant DL180 Gen9 ProLiant XL450 Gen9 ProLiant XL270d Accelerator Tray ProLiant DL560 Gen9 ProLiant DL120 Gen9 ProLiant DL380 Gen9, ProLiant DL360 Gen9 ProLiant ML350 Gen9 ProLiant ML150 Gen9 ProLiant ML110 Gen9 ProLiant BL460c Gen9, WS460c Gen9 HPE Synergy 480 Gen9 ProLiant BL660c Gen9 HPE Synergy 660 Gen9 ProLiant DL580 Gen9 HPE Synergy 620 Gen9, HPE Synergy 680 Gen9 ProLiant Thin Micro TM200 ProLiant m510 Server Cartridge ProLiant DL20 Gen9 ProLiant ML30 Gen9 ProLiant m710x Server Cartridge ProLiant m710p Server Cartridge ProLiant BL420c Gen8 ProLiant BL460c Gen8 ProLiant BL660c Gen8 ProLiant ML350e Gen8, ProLiant ML350e Gen8 v2 ProLiant DL160 Gen8 ProLiant DL380p Gen8 ProLiant DL360p Gen8 ProLiant ML350p Gen8 ProLiant DL360e Gen8, ProLiant DL380e Gen8 ProLiant SL4540 Gen8 ProLiant SL230s Gen8, ProLiant SL250s Gen8, ProLiant SL270s Gen8 ProLiant DL560 Gen8 ProLiant SL210t Gen8 ProLiant DL580 Gen8 ProLiant ML10 ProLiant ML310e Gen8 ProLiant DL320e Gen8 Microserver Gen8 ProLiant ML310e Gen8 v2 ProLiant DL320e Gen8 v2 ProLiant ML10 v2 ProLiant XL220a Gen8 v2 ProLiant m710 Server Cartridge HPE Synergy Composer ProLiant BL620c G7, BL680 G7 ProLiant DL580 G7 ProLiant DL980 G7 ProLiant BL460c G7 ProLiant BL490c G7 ProLiant BL2x220c G7 ProLiant DL380 G7 ProLiant DL360 G7 ProLiant SL390s G7 ProLiant DL380 G7 SE ProLiant ML110 G7, DL120 G7 ProLiant ML350 G6 ProLiant BL490c G6 ProLiant BL280c G6 ProLiant BL460c G6 ProLiant BL2x220c G6 ProLiant DL380 G6 ProLiant ML370 G6, ProLiant DL370 G6 ProLiant DL360 G6 ProLiant ML330 G6, ProLiant DL320 G6 ProLiant DL385 Gen10 ProLiant m700 server cartridge ProLiant m700p server cartridge ProLiant BL465c Gen8 ProLiant DL385 Gen10 ProLiant DL585 G7 ProLiant DL385 G7 ProLiant BL465c G7 ProLiant BL685c G7 ProLiant SL4545 G7
HPE recommends updating the Operating System for Intel and AMD-based platforms and, for Intel-based platforms only, the System ROM including an updated microcode when available to mitigate the above mentioned vulnerabilities. Refer to the following table for a list of System ROM revisions that include updated microcodes for Intel-based Gen10, Gen9, Gen9, G7, and G6 servers. System ROMs indicated as “Not Yet Available†will be made available after production status microcodes are available from Intel. For these System ROMs, the Projected Availability indicates an estimate of when the System ROM will be available based on Intel’s latest production status grant schedule. These are not committed release dates and will be updated if microcode production status grant dates change. ROM Family Server(s) Availability of ROM ROM Version/Date U30 ProLiant DL380 Gen10 Available v1.42 U31 ProLiant DL160 Gen10, ProLiant DL180 Gen10 Available v1.42 U32 ProLiant DL360 Gen10 Available v1.42 U33 ProLiant ML110 Gen10 Available v1.42 U34 ProLiant DL560 Gen10, ProLiant DL580 Gen10 Available v1.42 U36 ProLiant DL120 Gen10 Available v1.42 U37 ProLiant XL230k Gen10 Available v1.42 U38 ProLiant XL170r Gen10, ProLiant XL190r Gen10 Available v1.42 U40 ProLiant XL450 Gen10 Available v1.42 U41 ProLiant ML350 Gen10 Available v1.42 I41 ProLiant BL460c Gen10 Available v1.42 I42 HPE Synergy SY480 Gen10 Available v1.42 I43 HPE Synergy 660 Gen10 Available v1.42 U13 ProLiant XL230a Gen9, ProLiant XL250a Gen9 Available v2.60(5/21/2018) U14 ProLiant XL170r Gen9, ProLiant XL190r Gen9 Available v2.60(5/21/2018) U15 ProLiant DL60 Gen9, ProLiant DL80 Gen9 Available v2.60(5/21/2018) U18 ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9 Available v2.60(5/21/2018) U19 HPE Apollo 4200 Gen9 Available v2.60(5/21/2018) U20 ProLiant DL160 Gen9, ProLiant DL180 Gen9 Available v2.60(5/21/2018) U21 ProLiant XL450 Gen9 Available v2.60(5/21/2018) U25 ProLiant XL270d Accelerator Tray Available v2.60(5/21/2018) P85 ProLiant DL560 Gen9 Available v2.60(5/21/2018) P86 ProLiant DL120 Gen9 Available v2.60(5/21/2018) P89 ProLiant DL380 Gen9, ProLiant DL360 Gen9 Available v2.60(5/21/2018) P92 ProLiant ML350 Gen9 Available v2.60(5/21/2018) P95 ProLiant ML150 Gen9 Available v2.60(5/21/2018) P99 ProLiant ML110 Gen9 Available v2.60(5/21/2018) I36 ProLiant BL460c Gen9, WS460c Gen9 Available v2.60(5/21/2018) I37 HPE Synergy 480 Gen9 Available v2.60(5/21/2018) I38 ProLiant BL660c Gen9 Available v2.60(5/21/2018) I39 HPE Synergy 660 Gen9 Available v2.60(5/21/2018) U17 ProLiant DL580 Gen9 Available v2.60(5/21/2018) I40 HPE Synergy 620 Gen9, HPE Synergy 680 Gen9 Available v2.60(5/23/2018) U26 ProLiant Thin Micro TM200 Available v2.60 H05 ProLiant m510 Server Cartridge Available 1.68_05-21-2018 U22 ProLiant DL20 Gen9 Available v2.60(5/23/2018) U23 ProLiant ML30 Gen9 Available v2.60 (5/23/2018) H07 ProLiant m710x Server Cartridge Available v1.68 (5/10/2018) H06 ProLiant m710p Server Cartridge Available v05/21/2018 I30 ProLiant BL420c Gen8 Available v05/21/2018 I31 ProLiant BL460c Gen8 Available v05/21/2018 I32 ProLiant BL660c Gen8 Available v05/21/2018 J02 ProLiant ML350e Gen8, ProLiant ML350e Gen8 v2 Available v05/21/2018 J03 ProLiant DL160 Gen8 Available v05/21/2018 P70 ProLiant DL380p Gen8 Available v05/21/2018 P71 ProLiant DL360p Gen8 Available v05/21/2018 P72 ProLiant ML350p Gen8 Available v05/21/2018 P73 ProLiant DL360e Gen8, ProLiant DL380e Gen8 Available v05/21/2018 P74 ProLiant SL4540 Gen8 Available v05/21/2018 P75 ProLiant SL230s Gen8, ProLiant SL250s Gen8, ProLiant SL270s Gen8 Available v05/21/2018 P77 ProLiant DL560 Gen8 Available v05/21/2018 P83 ProLiant SL210t Gen8 Available v05/21/2018 P79 ProLiant DL580 Gen8 Available v2.20 P88 ProLiant ML10 Available v05/21/2018 J04 ProLiant ML310e Gen8 Available v05/21/2018 J05 ProLiant DL320e Gen8 Available v05/21/2018 J06 Microserver Gen8 Available v05/21/2018 P78 ProLiant ML310e Gen8 v2 Available v05/21/2018 P80 ProLiant DL320e Gen8 v2 Available v05/21/2018 J10 ProLiant ML10 v2 Available v05/21/2018 P94 ProLiant XL220a Gen8 v2 Available v05/21/2018 H03 ProLiant m710 Server Cartridge Available v05/21/2018 J08 HPE Synergy Composer Available v05/21/2018 I25 ProLiant BL620c G7, BL680 G7 Not Yet Available July 2-July 6 P65 ProLiant DL580 G7 Not Yet Available July 2-July 6 P66 ProLiant DL980 G7 Not Yet Available July 2-July 6 I27 ProLiant BL460c G7 Available v05/21/2018 I28 ProLiant BL490c G7 Available v05/21/2018 I29 ProLiant BL2x220c G7 Available v05/21/2018 P67 ProLiant DL380 G7 Available v05/21/2018 P68 ProLiant DL360 G7 Available v05/21/2018 P69 ProLiant SL390s G7 Available v05/21/2018 V67 ProLiant DL380 G7 SE Available v05/21/2018 J01 ProLiant ML110 G7, DL120 G7 Available v05/21/2018 D22 ProLiant ML350 G6 Available v05/21/2018 I21 ProLiant BL490c G6 Available v05/21/2018 I22 ProLiant BL280c G6 Available v05/21/2018 I24 ProLiant BL460c G6 Available v05/21/2018 I26 ProLiant BL2x220c G6 Available v05/21/2018 P62 ProLiant DL380 G6 Available v05/21/2018 P63 ProLiant ML370 G6, ProLiant DL370 G6 Available v05/21/2018 P64 ProLiant DL360 G6 Available v05/21/2018 W07 ProLiant ML330 G6, ProLiant DL320 G6 Available v05/21/2018 A40 ProLiant DL385 Gen10 System ROM update not required/OS update only A34 ProLiant m700 server cartridge System ROM update not required/OS update only A35 ProLiant m700p server cartridge System ROM update not required/OS update only A26 ProLiant BL465c Gen8 System ROM update not required/OS update only A16 ProLiant DL585 G7 System ROM update not required/OS update only A18 ProLiant DL385 G7 System ROM update not required/OS update only A19 ProLiant BL465c G7 System ROM update not required/OS update only A20 ProLiant BL685c G7 System ROM update not required/OS update only A31 ProLiant SL4545 G7 System ROM update not required/OS update only A28 ProLiant DL385p Gen8 System ROM update not required/OS update only The System ROMs are available as follows: Click the following link: https://support.hpe.com/hpesc/public/home 1.Enter a product name (e.g., "DL380 Gen9") in the text search field and wait for a list of products to populate. From the products displayed, identify the desired product and click on the Drivers & software icon to the right of the product. 2.From the Drivers & software dropdown menus on the left side of the page: 3.Under Software Type, select "BIOS-(Entitlement Required") 4.For further filtering if needed - Select the specific Operating System from the Operating Environment. 5.Select the appropriate version of the System ROM. 6. Click Download .