
Inspur’s Solution Announcement for the “Meltdown” and “Spectre” Security Exploits

  1. Introduction to the security vulnerabilities

  On January 3, 2018, security researchers disclosed two security vulnerabilities named “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715). Many computing devices are susceptible to both, and attackers may be able to use them to gain access, beyond their authorization, to computing processes or to sensitive OS kernel data.

  Inspur is working closely with chip vendors and industry partners to develop prompt solutions to these issues. We will publish updated announcements frequently as our work progresses.

  2. Recommended solution

  • CVE-2017-5754 (Rogue data cache load) solution

  Requires an OS patch; see section 3 for details.

  • CVE-2017-5753 (Bounds check bypass) solution

  Requires an OS patch; see section 3 for details.

  • CVE-2017-5715 (Branch target injection) solution

  Requires both an OS patch and a CPU microcode update.
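
  The following is an added example, not part of Inspur's announcement or toolset: a POSIX shell check that reports, on a Linux host, the state of the three CVEs listed above after the updates in sections 3 and 4 have been applied. It assumes the kernel exposes the sysfs directory /sys/devices/system/cpu/vulnerabilities (mainline 4.15 and later, and vendor kernels that backported it); the "partial" state for CVE-2017-5715 is a heuristic based on the kernel's status string.

```shell
#!/bin/sh
# Added example (not Inspur code): map the advisory's three CVEs to the
# Linux sysfs status files and report whether each is mitigated.
# Assumption: the kernel provides the directory below.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify FILE -> prints patched | partial | vulnerable | unknown
classify() {
    [ -r "$1" ] || { echo unknown; return 0; }
    status=$(cat "$1")
    case "$status" in
        "Not affected"*) echo patched ;;
        "Vulnerable"*)   echo vulnerable ;;
        "Mitigation:"*)
            case "$1" in
                */spectre_v2)
                    # CVE-2017-5715 needs OS patch AND microcode. Heuristic:
                    # the kernel names IBRS/IBPB in this status line only
                    # when the CPU enumerates them, which on the processor
                    # families in this advisory requires updated microcode.
                    case "$status" in
                        *IBRS*|*IBPB*) echo patched ;;
                        *)             echo partial ;;
                    esac ;;
                *) echo patched ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# report [DIR] -> one line per CVE; returns 1 unless all are "patched"
report() {
    dir=${1:-$VULN_DIR}
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 \
                CVE-2017-5715:spectre_v2; do
        state=$(classify "$dir/${pair#*:}")
        echo "${pair%%:*} state=$state"
        [ "$state" = patched ] || rc=1
    done
    return "$rc"
}

# Check the live host only when invoked as: sh check.sh run [DIR]
if [ "${1:-}" = run ]; then report "${2:-}"; fi
```

  A "partial" result for CVE-2017-5715 means the OS mitigation is active but no microcode-provided control is visible, so the microcode update in section 4 is still outstanding on that host.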

  3. Download and update OS patches

  Microsoft, Red Hat, SUSE and VMware have already released OS patches that fix these vulnerabilities. Inspur recommends that customers apply the OS patches by following each OS vendor’s security advisory. The related security advisory links are listed below.

  1. Microsoft security update advisory

  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

  2. Red Hat security update advisory

  https://access.redhat.com/security/vulnerabilities/speculativeexecution

  3. VMware security update advisory

  https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

  4. SUSE security update advisory

  https://www.suse.com/support/kb/doc/?id=7022512

  4. Download and update CPU microcode

  Inspur provides the following two methods to update the CPU microcode.

  Solution 1: Download the OS-based microcode update toolset and perform the update from within the OS environment. This solution does not require a system reset to take effect and is more convenient and stable to operate.

  This toolset supports all Inspur server products with the following processor families:

  • Intel Xeon E5 V2 Series Processor

  • Intel Xeon E5 V3 Series Processor

  • Intel Xeon E7 V3 Series Processor

  • Intel Xeon Scalable Series Processor

  The toolset supports the following operating systems:

  • RedHat Enterprise Linux 6.x/7.x

  • Microsoft Windows Server 2012/2016

  • SUSE Linux Enterprise Server 11.2/11.3

  • VMware 5.5/6.0/6.5

  Solution 2: Inspur provides a BIOS-based method to update the CPU microcode for the products listed in the table below. Download the BIOS image for your product and perform the BIOS upgrade; the new microcode takes effect at the next system reboot. The affected products and corresponding fix versions are listed in the table below.

  Note: A BIOS update must meet the corresponding BMC version requirement, so customers may have to update the BMC firmware at the same time.

| Product | BIOS version | Minimum BMC version required | Download link | Processor family fixed |
| --- | --- | --- | --- | --- |
| TS860 | 4.0.17 | 4.0.5 | Download Link | Intel Xeon E7 V3 Series Processor |
| TS860G3 | 4.0.17 | 4.0.5 | Download Link | Intel Xeon E7 V3 Series Processor |
| NF5166M4 | 4.1.4 | 3.2.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NF5170M4 | 4.1.14 | 4.21.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| NF5177M4 | 4.1.3 | 4.3.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NF5180M4 | 4.1.18 | 4.23.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| NF5180M5 | 4.0.0 | 3.3.0 | Download Link | Intel Xeon Scalable Series Processor |
| NF5240M4 | 4.1.3 | 4.0.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NF5270M4 | 4.1.19 | 4.8.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| NF5280M4 | 4.1.18 | 4.30.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| NF5280M5 | 3.0.9 | 3.12.0 | Download Link | Intel Xeon Scalable Series Processor |
| NF5460M4 | 4.1.15 | 3.5.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NF8460M4 | 4.1.03 | 4.28.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8460M4(DDR4) | 4.2.16 | 4.11.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8460M4S | 4.2.16 | 4.11.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8465M4 | 4.1.03 | 4.28.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8465M4(DDR4) | 4.2.16 | 4.11.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8480M3 | 4.0.11 | 4.3.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NF8480M4 | 4.0.11 | 4.3.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NP5540M4 | 4.1.3 | 2.3.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NP5570M4 | 4.1.12 | 3.5.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| NX5440M4 | 4.0.08 | 4.1.4 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| NX8280M4 | 4.0.04 | 3.1.0 | Target to release on Jan. 16 | Intel Xeon E7 V3 Series Processor |
| NX8480M4 | 4.0.04 | 3.1.0 | Download Link | Intel Xeon E7 V3 Series Processor |
| NX8880M4 | 4.0.04 | 3.1.0 | Download Link | Intel Xeon E7 V3 Series Processor |
| SA5112M4 | 4.1.14 | 4.21.0 | Target to release on Jan. 16 | Intel Xeon E5 V3 Series Processor |
| SA5112M5 | 4.0.0 | 3.3.0 | Download Link | Intel Xeon Scalable Series Processor |
| SA5212M4 | 4.1.14 | 4.23.0 | Download Link | Intel Xeon E5 V3 Series Processor |
| SA5212M5 | 3.0.9 | 3.12.0 | Download Link | Intel Xeon Scalable Series Processor |
| NF5270M3 | 2.1.11 | 1.2.24 | Target to release on Jan. 16 | Intel Xeon E5 V2 Series Processor; Intel Xeon E5 V3 Series Processor |
| NF5288M5 | 4.0.01 | 1.14.2 | Download Link | Intel Xeon Scalable Series Processor |

  5. Related web links

  Intel news release

  https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

  Intel security advisory

  https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

  https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

  https://www.intel.cn/content/www/cn/zh/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

  Google Security blog

  https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

  Research from Google Project Zero

  https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

  Third-party research

  https://meltdownattack.com/

  https://spectreattack.com/

  Microsoft security update advisory

  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

  Red Hat security update advisory

  https://access.redhat.com/security/vulnerabilities/speculativeexecution