
Inspur’s Solution Announcement for the “Meltdown” and “Spectre” Security Exploits 0320

  1. Security vulnerability introduction

  On January 3, 2018, security researchers disclosed two security vulnerabilities named “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715). Many computing devices are susceptible to both, and attackers may be able to use them to gain access to computing processes or to sensitive OS kernel data beyond their privilege.

  Inspur is working closely with chip vendors and industry partners to develop prompt solutions to these issues. We will publish updated announcements frequently as our work progresses.

  2. Recommended solution

  • CVE-2017-5754 (Rogue data cache load) solution

  Requires an OS patch; see chapter 3 for details.

  • CVE-2017-5753 (Bounds check bypass) solution

  Requires an OS patch; see chapter 3 for details.

  • CVE-2017-5715 (Branch target injection) solution

  Requires both an OS patch and a CPU microcode update.
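  A way to confirm the three fixes above on a patched Linux host, as an added example that is not Inspur's tooling. It assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities and that the updated microcode shows up as ibrs/ibpb/spec_ctrl CPU flags; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the three CVEs from this advisory on a patched Linux host.
# Assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# classify_status <text>: map a sysfs status line to OK / VULNERABLE / UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cve <dir> <file>: verdict for one vulnerability file; a missing file
# means the kernel predates the sysfs interface, so the state is unknown.
check_cve() {
    if [ -r "$1/$2" ]; then classify_status "$(cat "$1/$2")"; else echo UNKNOWN; fi
}

# microcode_has_spec_ctrl <cpuinfo>: succeed when the CPU flags list the
# speculation-control features (IBRS/IBPB) delivered by updated microcode.
microcode_has_spec_ctrl() {
    grep -m1 '^flags' "$1" | grep -Eqw 'ibrs|ibpb|spec_ctrl'
}

# report [dir] [cpuinfo]: print one line per CVE; return 1 if anything is open.
report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cpuinfo=${2:-/proc/cpuinfo}
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 CVE-2017-5715:spectre_v2; do
        verdict=$(check_cve "$dir" "${pair#*:}")
        echo "${pair%%:*}: $verdict"
        [ "$verdict" = OK ] || rc=1
    done
    if ! microcode_has_spec_ctrl "$cpuinfo"; then
        echo "CVE-2017-5715: CPU flags show no IBRS/IBPB; microcode update not loaded"
        rc=1
    fi
    return $rc
}

# Constructed sample: OS patched, microcode not yet updated (not real host data).
sample=$(mktemp -d)
echo "Mitigation: PTI" > "$sample/meltdown"
echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
echo "Vulnerable: Minimal generic ASM retpoline" > "$sample/spectre_v2"
echo "flags : fpu vme de pse tsc msr pae" > "$sample/cpuinfo"
report "$sample" "$sample/cpuinfo" || echo "host still needs remediation"
```

  Calling report with no arguments reads the live sysfs and /proc/cpuinfo paths; a non-zero exit status means at least one of the three CVEs is not yet fully addressed.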

  3. Download and update OS patches

  Microsoft, Red Hat, SUSE and VMware have released OS patches that fix these vulnerabilities. Inspur strongly advises customers to apply the OS patches by following each OS vendor’s security advisory. The related security advisories are listed below.

  1. Microsoft security update advisory

  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

  2. Red Hat security update advisory

  https://access.redhat.com/security/vulnerabilities/speculativeexecution

  3. VMware security update advisory

  https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

  4. SUSE security update advisory

  https://www.suse.com/support/kb/doc/?id=7022512

  4.  Download and update CPU Microcode

  Inspur provides the following two methods to update the CPU microcode.

  1. Solution 1: Download the OS-based microcode update toolset and perform the update from within the OS. This solution does not require a system reset to take effect, so it is more convenient and stable to operate.
    • The toolset supports all Inspur server products with the following processor families:
      • Intel Xeon E5 V3 Series Processor
      • Intel Xeon E5 V4 Series Processor
      • Intel Xeon E7 V3 Series Processor
      • Intel Xeon Scalable Series Processor
    • The toolset supports the following operating systems:
      • Red Hat Enterprise Linux 6.x/7.x
      • Microsoft Windows Server 2012/2016
      • SUSE Linux Enterprise Server 11.2/11.3
      • VMware 5.5/6.0/6.5
  2. Solution 2: Inspur provides a method to update the CPU microcode of its various products through a BIOS upgrade. Download the BIOS image that corresponds to your product and perform the BIOS upgrade; the new microcode will take effect at the next system reboot. The affected products and corresponding fix versions are listed in the table below.

  Note: The BIOS update must meet the corresponding BMC requirement, and customers may have to update the BMC firmware at the same time.

| Product | Updated Version | Oldest BMC Version required | Download Link |
|---|---|---|---|
| TS860 | 4.0.18 | 4.0.5 | Target to release on Mar. 31 |
| TS860G3 | 4.0.18 | 4.0.5 | Target to release on Mar. 31 |
| NF5166M4 | 4.1.5 | 3.2.0 | Download Link |
| NF5170M4 | 4.1.15 | 4.21.0 | Download Link |
| NF5180M4 | 4.1.19 | 4.23.0 | Download Link |
| NF5180M5 | 4.0.1 | 3.3.0 | Download Link |
| NF5240M4 | 4.1.3 | 4.0.0 | Target to release on Apr. 15 |
| NF5270M4 | 4.1.20 | 4.8.0 | Download Link |
| NF5280M4 | 4.1.19 | 4.30.0 | Download Link |
| NF5280M5 | 4.0.2 | 3.12.0 | Download Link |
| NF5460M4 | 4.1.16 | 3.5.0 | Download Link |
| NF8460M4 | 4.1.04 | 4.28.0 | Target to release on Mar. 31 |
| NF8460M4(DDR4) | 4.2.18 | 4.11.0 | Target to release on Mar. 31 |
| NF8460M4S | 4.2.18 | 4.11.0 | Target to release on Mar. 31 |
| NF8465M4 | 4.1.04 | 4.28.0 | Target to release on Mar. 31 |
| NF8465M4(DDR4) | 4.2.18 | 4.11.0 | Target to release on Mar. 31 |
| NF8480M3 | 4.0.12 | 4.3.0 | Target to release on Mar. 31 |
| NF8480M4 | 4.0.12 | 4.3.0 | Target to release on Mar. 31 |
| NP5540M4 | 4.1.3 | 2.3.0 | Target to release on Apr. 15 |
| NP5570M4 | 4.1.13 | 3.5.0 | Download Link |
| NX5440M4 | 4.0.10 | 4.1.4 | Target to release on Apr. 15 |
| NX8280M4 | 4.0.05 | 3.1.0 | Target to release on Mar. 31 |
| NX8480M4 | 4.0.05 | 3.1.0 | Target to release on Mar. 31 |
| NX8880M4 | 4.0.05 | 3.1.0 | Target to release on Mar. 31 |
| SA5112M4 | 4.1.15 | 4.21.0 | Download Link |
| SA5112M5 | 4.0.1 | 3.3.0 | Download Link |
| SA5212M4 | 4.1.15 | 4.23.0 | Download Link |
| SA5212M5 | 4.0.2 | 3.12.0 | Download Link |
| NF5288M5 | 4.0.03 | 1.14.2 | Target to release on Apr. 15 |

  5. Related web links

  1. Intel news release

  https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

  2. Intel security advisory

  https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

  https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

  https://www.intel.cn/content/www/cn/zh/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

  3. Google Security blog

  https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

  4. Research from Google Project Zero

  https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

  5. Third-party research

  https://meltdownattack.com/

  https://spectreattack.com/

  6. Microsoft security update advisory

  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

  7. Red Hat security update advisory

  https://access.redhat.com/security/vulnerabilities/speculativeexecution

  6. Release history

| Version | Date | Description |
|---|---|---|
| V1.0 | 2018.01.08 | Initial release |
| V1.1 | 2018.01.09 | updated |