Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

Speculative Execution Side-Channel Vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646): Impact on Dell EMC PowerEdge Servers, Storage (SC, PS, and PowerVault MD), and Networking products

Summary: Dell guidance to mitigate risk and resolution for the side-channel analysis vulnerabilities (also known as L1 Terminal Fault or L1TF) for servers, storage, and networking products. For specific information about affected platforms and next steps to apply the updates, see this guide. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

2018-08-31

CVE ID: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Dell is aware of a recently disclosed class of CPU speculative execution vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) known collectively as "L1 Terminal Fault" (L1TF) that affect Intel microprocessors. For more information about these vulnerabilities, review the security advisory posted by Intel.

Dell is investigating the impact of these vulnerabilities on our products, and we are working with Intel and other industry partners to mitigate these vulnerabilities. Mitigation steps may vary by product and may include updates to firmware, operating system, and hypervisor components.

Dell EMC recommends customers follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities until any future updates can be applied. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

Dell EMC PowerEdge Servers/ XC Hyperconverged Appliances

There are two essential components that must be applied to mitigate the above mentioned vulnerabilities:

  1. System BIOS was previously released for CVE-2018-3639 and CVE-2018-3640 which contains the necessary microcode (see KB article 178082: Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell EMC PowerEdge Servers, Storage (SC Series, PS Series, and PowerVault MD Series) and Networking products.) Check the Product Tables for your system.
  2. Operating System and Hypervisor updates.

If your product has an updated BIOS listed, Dell recommends you upgrade to that BIOS and apply the appropriate operating system updates to provide mitigation against the listed CVEs.

Dell EMC Storage (SC Series, PS Series, and PowerVault MD Series) Products
See the Product Tables for the appropriate mitigations and analysis.

Dell EMC Networking Products
See the Product Tables for the appropriate mitigations and analysis.

For information about other Dell products, see KB article 145501: Speculative Execution Side-Channel Vulnerabilities “L1 Terminal Fault” (CVE-2017-3615, CVE-2018-3620, CVE-2018-3646) impact on Dell products.



BIOS, Firmware, and Driver updates for Storage (including server leveraged storage platforms), and Networking Products


Dell Storage Product Line
Assessment
EqualLogic PS Series Not applicable
The CPU used in the product is not impacted by the reported issues. CPU used is Broadcom MIPS processor without speculative execution.
Dell EMC SC Series (Dell Compellent) No additional security risk
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. The product is designed to prevent users from loading and running any external or untrusted code on the system. The reported issues do not introduce any additional security risk to the product.
Dell Storage MD3 and DSMS MD3 Series
Dell PowerVault Tape Drives and Libraries
Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500) No additional security risk
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect the access of highly privileged accounts are followed.
Dell Storage Virtual Appliance
Assessment
Dell Storage Manager Virtual Appliance (DSM VA - Dell Compellent) No additional security risk
To take advantage of these vulnerabilities, an attacker first must be able to run malicious code on the targeted system. Access to the product to load external or potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect the access of highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection.
Dell Storage Integration tools for VMware (Dell Compellent)
Dell EqualLogic Virtual Storage Manager (VSM - EqualLogic)
Dell Storage Product Line
Assessment
Dell Storage NX family Impacted.
See relevant PowerEdge Server information for BIOS patch information. Follow relevant operating system vendor recommendations for operating system level mitigation.
Dell Storage DSMS family

Platforms Assessment
C-Series - C1048P, C9010 No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed.
M I/O Aggregator Not Applicable
The CPU used in the products is not impacted by the reported issues.
MXL
FX2
N11xx, N15xx, N20xx, N30xx
N2128PX, N3128PX
Navasota
S55, S60
SIOM
S-Series - Standard and -ON No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed.
Z-Series - Standard and ON
 

Networking - Fixed Port Switches
Platforms Assessment
PowerConnect Series Switches Not Applicable
The CPU used in the products is not impacted by the reported issues.
C9000 Series Line Cards
Mellanox SB7800 Series, SX6000 Series No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed.
Platform Software Assessment
VM and Emulator No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection.
OS10.4.0 and earlier Base and Enterprise No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed.
OS10.4.1 Base and Enterprise
OS9 All Versions Not Applicable
The operating system is not vulnerable to this attack.
Platform Assessment
W-Series Not Applicable.
The CPU used in the products is not impacted by the reported issues.
Wireless Appliances:
W-Airwave No Additional Security Risk
To take advantage of these vulnerabilities, an attacker must first be able to run malicious code on the targeted system. Access to the product to load potentially untrusted code is restricted to users with root or root-equivalent privileges only. The reported issues do not introduce any additional security risk to the product, if the recommended best practices to protect access to highly privileged accounts are followed. Customers are advised to update the virtual host environment where the product is deployed for full protection.
W-ClearPass Hardware Appliances
W-ClearPass Virtual Appliances
W-ClearPass 100 Software Not Applicable
The Software operates in a Virtual Environment. Customers are advised to update the virtual host environment where the product is deployed.


External references

Cause

-

Resolution

-

Affected Products

Datacenter Scalable Solutions, PowerEdge, C Series, Entry Level & Midrange, Compellent (SC, SCv & FS Series), Legacy Storage Models, Dell Networking Z9500, C1048P Port Extender, C9000 Series Line Cards, C9010 Modular Chassis Switch , Dell EMC PowerSwitch N3000E-ON Series, Dell EMC PowerSwitch N3100 Series ...

Products

S Series, W-Series Wireless Networking, OS9, Force10 MXL Blade, Force10 S55T, Force10 S60-44T, Force10 Z9000, Mellanox SB7800 Series, Mellanox SX6000 Series, PowerSwitch N1100-ON Series, PowerSwitch N1500 Series, PowerSwitch N2000 Series , PowerSwitch N2100 Series, PowerSwitch N3000 Series, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerConnect 2124, PowerConnect 2216, PowerConnect 2224, PowerConnect 2324, PowerConnect 2508, PowerConnect 2608, PowerConnect 2616, PowerConnect 2624, PowerConnect 2708, PowerConnect 2716, PowerConnect 2724, PowerConnect 2748, PowerConnect 2808, PowerConnect 2816, PowerConnect 2824, PowerConnect 2848, PowerConnect 3248, PowerConnect 3324, PowerConnect 3348, PowerConnect 3424, PowerConnect 3424P, PowerConnect 3448, PowerConnect 3448P, PowerConnect 3524, PowerConnect 3524P, PowerConnect 3548, PowerConnect 3548P, PowerConnect 5212, PowerConnect 5224, PowerConnect 5316M, PowerConnect 5324, PowerConnect 5424, PowerConnect 5448, PowerConnect 5524, PowerConnect 5524P, PowerConnect 5548, PowerConnect 5548p, PowerConnect 6024, PowerConnect 6024F, PowerConnect 6224, PowerConnect 6224F, PowerConnect 6224P, PowerConnect 6248, PowerConnect 6248P, PowerConnect 7024, PowerConnect 7024F, PowerConnect 7024P, PowerConnect 7048, PowerConnect 7048P, PowerConnect 7048R, PowerConnect 8024, PowerConnect 8024F, PowerConnect 8100 Series, PowerConnect B-8000, PowerConnect B-8000e, PowerConnect B-DCX, PowerConnect B-DCX-4s, PowerConnect B-FCXs, PowerConnect B-MLXE16, PowerConnect B-MLXE4, PowerConnect B-MLXE8, PowerConnect B-RX, PowerConnect B-RX16, PowerConnect B-RX4, PowerConnect B-RX8, PowerConnect B-TI24X, PowerConnect 5012, PowerConnect 3024, PowerConnect 3048, PowerConnect 2016, PowerConnect FCS624S, PowerConnect J-EX4200-24F, PowerConnect J-EX4200-24t, PowerConnect J-EX4200-48t, PowerConnect J-EX8208, PowerConnect J-EX8216, PowerConnect J-EX4200, PowerConnect J-EX4500, PowerConnect J-EX82XX, PowerConnect J-SRX100, PowerConnect J-SRX210, PowerConnect J-SRX240, PowerConnect M6220, PowerConnect M6348, PowerConnect M8024, PowerConnect M8024-K, W-3200, W-3400, W-3600, W-6000, W-620, W-650, W-651, W-7005, W-7008, W-7010, W-7024, W-7030, W-7200 Series, W-7205, W-Airwave, W-AP103, W-AP103H, W-AP105, W-AP114/115, W-AP124/125, W-AP134/135, W-AP175, W-AP204/205, W-Series 205H Access Points, W-AP214/215, W-AP224/225, W-AP274/275, W-AP68, W-AP92/93, W-AP93H, W-Series 228 Access Points, W-Series 277 Access Points, W-Clearpass 100 Software, W-ClearPass Hardware Appliances, W-ClearPass Virtual Appliances, W-IAP103, W-IAP104/105, W-IAP108/109, W-IAP114/115, W-IAP134/135, W-IAP155/155P, W-IAP175P/AC, W-IAP204/205, W-IAP214/215, W-IAP224/225, W-IAP274/275, W-IAP3WN/P, W-IAP92/93, W-Series FIPS, PowerEdge FX2/FX2s, PowerEdge M IO Aggregator, SmartFabric OS10 Software ...
Article Properties
Article Number: 000137307
Article Type: Solution
Last Modified: 07 Oct 2021
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.