
Article Number: 000153854


DSA-2019-003: Dell EMC Isilon OneFS Security Update for Multiple Multiprocessor Side-Channel Vulnerabilities

Article Content


Impact

Medium

Details

Summary:     
Dell EMC Isilon OneFS contains firmware and operating system updates to mitigate new variants of speculative execution side-channel vulnerabilities.

This advisory addresses the following vulnerabilities:     

  • CVE-2018-3640: Rogue System Register Read (RSRE), also known as Variant 3a
    CPU may have speculatively performed a read of the system registers not accessible in the current privilege level and the data value may have been returned to speculative dependent operations.

  • CVE-2018-3639: Speculative Store Bypass (SSB), also known as Variant 4
    Used memory disambiguation to cause a load to speculatively read an old value, then use that value to create a side channel.

  • CVE-2018-3620: L1 Terminal Fault: OS/SMM
    Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

For more information, review Intel's security advisories INTEL-SA-00115 and INTEL-SA-00161.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:     
Dell EMC Isilon OneFS 8.1.2 and earlier
Dell EMC Isilon OneFS 8.1.0.4 and earlier
Dell EMC Isilon OneFS 8.0.0.7 and earlier
Dell EMC Isilon OneFS 8.0.1.2 and earlier
Dell EMC Isilon OneFS 7.2.1.6 and earlier
Dell EMC IsilonSD Edge 8.1.2 and earlier
Dell EMC IsilonSD Edge 8.1.0.4 and earlier
Dell EMC IsilonSD Edge 8.0.0.7 and earlier
Dell EMC IsilonSD Edge 8.0.1.2 and earlier
Dell EMC IsilonSD Edge 7.2.1.6 and earlier


Remediation:    
The following Dell EMC Isilon OneFS releases address these vulnerabilities:

  • Dell EMC Isilon OneFS 8.1.2.0 

  • Dell EMC Isilon OneFS 8.1.0.4

Dell EMC recommends that all customers upgrade at the earliest opportunity. Dell also recommends that customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.


Link to Remedies:    

For Dell EMC Isilon OneFS 8.1.2.0 and 8.1.0.4, the security updates are contained in the following patches. The fixes will also apply to IsilonSD Edge.  



For all other versions of OneFS, upgrade to a newer OneFS version that has a patch available, and then install the patch.

Article Properties


Affected Product

PowerScale OneFS

Product

PowerScale OneFS, Product Security Information

Last Published Date

22 May 2021

Article Type

Dell Security Advisory