Article Number: 000153854
Medium
Summary:
Dell EMC Isilon OneFS contains firmware and operating system updates to mitigate new variants of speculative execution side-channel vulnerabilities.
This advisory addresses the following vulnerabilities:
CVE-2018-3640 Rogue System Register Read (RSRE) also known as Variant 3a
The CPU may have speculatively performed a read of system registers not accessible at the current privilege level, and the data value may have been returned to speculative dependent operations.
CVE-2018-3639 Speculative Store Bypass (SSB) also known as Variant 4
Memory disambiguation can be used to cause a load to speculatively read an old value, and that value can then be used to create a side channel.
CVE-2018-3620 L1 Terminal Fault: OS/SMM
Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
For more information, review Intel's security advisories INTEL-SA-00115 and INTEL-SA-00161.
Affected products:
Dell EMC Isilon OneFS 8.1.2 and earlier
Dell EMC Isilon OneFS 8.1.0.4 and earlier
Dell EMC Isilon OneFS 8.0.0.7 and earlier
Dell EMC Isilon OneFS 8.0.1.2 and earlier
Dell EMC Isilon OneFS 7.2.1.6 and earlier
Dell EMC IsilonSD Edge 8.1.2 and earlier
Dell EMC IsilonSD Edge 8.1.0.4 and earlier
Dell EMC IsilonSD Edge 8.0.0.7 and earlier
Dell EMC IsilonSD Edge 8.0.1.2 and earlier
Dell EMC IsilonSD Edge 7.2.1.6 and earlier
Remediation:
The following Dell EMC Isilon OneFS releases address these vulnerabilities:
Dell EMC Isilon OneFS 8.1.2.0
Dell EMC Isilon OneFS 8.1.0.4
Dell EMC recommends that all customers upgrade at the earliest opportunity. Dell recommends that customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
Link to Remedies:
For Dell EMC Isilon OneFS 8.1.2.0 and 8.1.0.4, the security updates are contained in the following patches. The fixes will also apply to IsilonSD Edge.
Patch-246713 for OneFS 8.1.2.0: https://download.emc.com/downloads/DL93067
Patch-245399 for OneFS 8.1.0.4: https://download.emc.com/downloads/DL92698
For all other versions of OneFS, upgrade to a newer OneFS version that has a patch available, and then install the patch.
PowerScale OneFS
PowerScale OneFS, Product Security Information
22 May 2021
Dell Security Advisory