Global Technical Service E-mail:serversupport@inspur.com Europe Technical Service E-mail:eu@inspur.com

Inspur’s Solution Announcement for the “Meltdown” and “Spectre” Security Exploits

  1. Security Leakage introduction

  On January 3, 2018, security researchers disclosed two security leakages named “Meltdown” (CVE#: CVE-2017-5754) and “Spectre” (CVE#: CVE-2017-5753 and CVE#: CVE-2017-5715). Many computing devices are susceptible to both exploits and hackers may be able to use the exploits to get access to computing processes or to OS kernel’s sensitive data beyond their privilege.

  Inspur is working closely with Chip vendors and industry partners to develop prompt solutions to resolve these issues. We will provide updated announcements frequently based on our progress.

  2. Recommended solution

CVE-2017-5754(Rogue data cache load) solution

  - Need OS patch, see more detail on chapter 3.

CVE-2017-5753(Bounds check bypass)solution

  - Need OS patch, see more detail on chapter 3.

CVE-2017-5715(Branch target injection)solution

  - Need update both OS patch and CPU Microcode.

  3. Download and update OS patches

  Now Microsoft, Redhat, SUSE and Vmware have Released OS patches to fix the security leakage, Inspur strongly advice customer update OS patches following OS vendor’s security Advisory. Below listed related security Advisory link.

      1.  Microsoft security update Advisory

           https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

      2.  RedHat security update Advisory

           https://access.redhat.com/security/vulnerabilities/speculativeexecution

      3. Vmware security update Advisory

           https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

      4.Suse security update Advisory

         https://www.suse.com/support/kb/doc/?id=7022512

  4.  Download and update CPU Microcode

  Inspur provide the following two methods to update CPU Microcode.

       1. Solution 1: Download  the OS based Microcode update toolset and do the update in OS environment. This solution doesn’t need reset the system to take effect, It’s more convenient and stable to operate.

This toolset support all the inspur server product with the following processor family.

Intel Xeon E5 V3 Series Processor

Intel Xeon E5 V4 Series Processor

Intel Xeon E7 V3 Series Processor

Intel Xeon Scalable Series Processor

This toolset support OS include:

RedHat Enterprise Linux 6.x/7.x

MicroSoft Windows Server 2012/2016

SUSE Linux Enterprise Server 11.2/11.3

Vmware 5.5/6.0/6.5

       2. Solution 2: Inspur provides method to update CPU Microcode of its various products as mentioned in the table below. Download your product’s corresponding BIOS image and perform the BIOS upgrade; new microcode will take effect in the next system reboot. The affected products and corresponding fix versions are listed in the table below.

  Note: BIOS update needs to meet the corresponding BMC requirement, and customer may have to update BMC Firmware in the meantime.

       5. Releated web link

   1. Intel released new

    https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

   2. Intel security Advisory

    https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

    https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

    https://www.intel.cn/content/www/cn/zh/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

   3. Google Security blog

  https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

   4. Research from Google Project Zero

  https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

   5. Third-party research

     https://meltdownattack.com/

     https://spectreattack.com/

   6. Microsoft security update Advisory

     https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

   7. RedHat security update Advisory

     https://access.redhat.com/security/vulnerabilities/speculativeexecution

       6. Release history

version

date

description

V1.0

2018.01.08

Initial release

V1.1

2018.01.09

updated


ABOUT US

Inspur Group Core Values Partners News

SUPPORT

Download Center Service & Warranty

WHERE TO BUY

Where to buy

CONTACT US

Contact Us Join Us

FOLLOW INSPUR

Facebook Instagram Twitter

Copyright © 2017 Inspur. All Rights Reserved.

inspur logo
  • Support:

    1-844-860-0011

  • Sales Inquiries:

    1-800-697-5893