Intel Security Advisory update
Server
04 Jan. 2018
 

(update 2018/05/22) New security vulnerabilities, CVE-2018-3639 and CVE-2018-3640 are derivatives of speculative execution side-channel analysis methods publicly disclosed in January 2018.(CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). As intel’s recommendation, mitigation of these 2 new variants require both BIOS and OS/VMM update. Please refer to the link for new BIOS release version and schedule - http://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00115.

(update 2018/03/09) QCT has received new microcode for Skylake/Broadwell/Haswell/IvyBridge/SandyBridge CPU from Intel.

Please refer to ‘’Table 1 - BIOS updates for QCT products’’ for BIOS fixed version and available week.
 

(update 2018/02/27) QCT has received new microcode for Broadwell/Haswell servers from Intel. We will release BIOS for D51B-1U/2U, D51BP-1U/2U, T41S-2U and T41SP-2U in WK09 and will keep you posted when other projects are available. Please refer to BIOS fixed version and release week in table 1.

 
(update 2018/02/21) QCT has received new microcode for Skylake servers from Intel which fixed reboot issues and we will release new BIOS updates in the first week of March. https://security-center.intel.com./advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
 
table 1.
Table 1 - BIOS updates for QCT products
QCT servers CPU BIOS fixed version BIOS release week Remark
D52B-1U Intel® Xeon® Scalable Processor Family (Skylake) 3A10.Q04 WK09 QCT recommends customers to update with''BIOS+BMC package’’ ver.1.04 Which fixed an issue on older than BMC v3.4x version that can not batch update BIOS.
D52BQ 3A10.Q04
T42S-2U 3A10.Q04
T42SP-2U 3A10.Q04
T42D-2U 3A10.Q04
D51B-1U/2U Intel® Xeon® Processor E5v4 & E5v3 Product Family  (Broadwell & Haswell) 3B10.06 WK09 (2/27) n/a
T41S-2U 3B09.06
T21P-4U 3B08.06
T41SP-2U 3B09.06 WK10-WK11 (3/9)
D51PH-1ULH 3B08.06
T21SR-2U 3B08.06
D51PL-4U 3B08.06
D51BV-2U 3B10.06
D51PS-1U 3B08.06
D51BP-1U/2U 3B10.03
D51PC-1U 3B08.06
S31A-1U Intel® Xeon® Processor E3-1200 v5 & 1200 v6 product family (Skylake E3) 3B09.02 WK12(3/28) n/a
X10E-9N 3B09.02 WK12(3/28)
Rackgo X Leopard Cave Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) in progress WK13
SD1Q-1ULH Intel® Xeon-D (Broadwell) in progress 2018 ww28
Q71L-4U Intel® Xeon® processor E7 v2, v3 and v4 product family (Ivy Bridge EX, Haswell EX) in progress 2018 ww28
S910-X31E Intel® Xeon® Processor E3-1200 v3 & v4 Product Family (Broadwell E3 & Haswell E3) in progress WK18-WK22
S810-X52L Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) S2L_4A18 2018 ww28
S210-X12RS (1U) S2RS4A21 2018 ww28 (depending on Intel microcode release schedule or debug-fixed schedule)
S210-X22RQ (2U) S2RS4A21 2018 ww28 (depending on Intel microcode release schedule or debug-fixed schedule)
S210-X12MS S2MS3B12 2018 ww29
S210-X2A2J S2J_3A32.02 WK18-WK22
S200-X22TQ S2TQ3B06.02 WK18-WK22
S200-X12TS S2TS3B06.02 WK18-WK22
F06A Intel® Xeon® Processor E5v3 & E5v4 Product Family
(Haswell & Broadwell)
F06A3C16.03 2018 ww25 (depending on Intel microcode release schedule or debug-fixed schedule)
F03A Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) F03A3A09 2018 ww30 (depending on Intel microcode release schedule)
[Remark]
Regarding Customized BIOS, please contact your account sales for release schedule and BIOS with microcode.

 

As intel’s recommendation, mitigation of these 3 variants require both OS and BIOS update. (Table 2 - Security issue variants)

Please check with OS or VM vendors for related information.

Table2.

Table 2 - Security issue variants
Variants Mitigation options
No. Codename CVE#
Variant 1
(Bound chech Bypass)
Spectre CVE 2017-5753 OS/VMM
Variant 2
(Branch target injection)
Spectre CVE 2017-5715 Microcode update + OS/VMM
Variant 3
(Rough data Load)
Meltdown CVE 2017-5754 OS/VMM

 

===== Updated 2018/1/4 =====

 
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions  

  • Variant 1: bounds check bypass (CVE-2017-5753)

  • Variant 2: branch target injection (CVE-2017-5715)

  • Variant 3: rogue data cache load (CVE-2017-5754)

The security vulnerability affected QCT’s server and storage product lines. QCT had made update microcode available for most of our recent release products on the product download page. We highly recommend our customer allocate validation resource to implement new BIOS with update microcode. These vulnerabilities are not unique to QCT servers and will affect any systems using modern microprocessor architectures with impacted firmware revisions.

Acknowledgements
QCT would like to thank Google Project Zero for reporting this issue.
External References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html