Meltdown and Spectre Vulnerabilities
Server
22 May. 2018
 

Two new security vulnerabilities, CVE-2018-3639 and CVE-2018-3640, are derivatives of the speculative execution side-channel analysis methods publicly disclosed in January 2018 (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). They could facilitate the unauthorized exposure of privileged data from memory.

Per Intel's recommendation, mitigating these two variants requires both a BIOS update and an OS/VMM update. QCT will release fixed BIOS versions containing the new microcode starting from wk23. QCT will continue to provide frequent, timely updates as Intel releases further information or updated microcode. For OS/VMM updates, please contact your OS or VM vendor for details.

 

| No. | CVE# | Mitigation options | Intel SA # | CVSS | Link |
|---|---|---|---|---|---|
| Variant 4 (Speculative Store Bypass) | CVE-2018-3639 | Microcode update + OS/VMM | Intel-SA-00115 | 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 |
| Variant 3a (Rogue System Register Read) | CVE-2018-3640 | Microcode update + OS/VMM | Intel-SA-00115 | 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3640 |

Table 1 - BIOS updates for CVE-2018-3639 & CVE-2018-3640

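| QCT servers | CPU | BIOS fixed version | BIOS release week |
|---|---|---|---|
| D52B-1U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| D52BQ | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| T42S-2U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| T42SP-2U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| T42D-2U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| D52T-1ULH | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| D52BV-2U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q05 | 2018 ww25 (depending on Intel microcode release schedule) |
| D52G-4U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.G14 | 2018 ww25 (depending on Intel microcode release schedule) |
| Q72D-2U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.02 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51B-1U/2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2B_3B10.08 | 2018 ww25 (depending on Intel microcode release schedule) |
| T41S-2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2S_3B10.03 | 2018 ww25 (depending on Intel microcode release schedule) |
| T21P-4U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2P_3B08.07 | 2018 ww25 (depending on Intel microcode release schedule) |
| T41SP-2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2S_3B10.03 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51PH-1ULH | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2P_3B08.07 | 2018 ww25 (depending on Intel microcode release schedule) |
| T21SR-2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2S_3B10.03 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51PL-4U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2P_3B08.07 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51BV-2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2B_3B10.08 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51PS-1U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2P_3B08.07 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51BP-1U/2U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2BP3B10.04 | 2018 ww25 (depending on Intel microcode release schedule) |
| D51PC-1U | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | S2P_3B08.07 | 2018 ww25 (depending on Intel microcode release schedule) |
| S31A-1U | Intel® Xeon® Processor E3-1200 v5 & 1200 v6 product family (Skylake E3) | in progress | depending on Intel microcode release schedule |
| X10E-9N | Intel® Xeon® Processor E3-1200 v5 & 1200 v6 product family (Skylake E3) | in progress | depending on Intel microcode release schedule |
| Rackgo X Leopard Cave | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| SD1Q-1ULH | Intel® Xeon-D (Broadwell) | in progress | depending on Intel microcode release schedule |
| Q71L-4U | Intel® Xeon® processor E7 v2, v3 and v4 product family (Ivy Bridge EX, Haswell EX) | in progress | depending on Intel microcode release schedule |
| S910-X31E | Intel® Xeon® Processor E3-1200 v3 & v4 Product Family (Broadwell E3 & Haswell E3) | in progress | depending on Intel microcode release schedule |
| S810-X52L | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S210-X12RS (1U) | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S210-X22RQ (2U) | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S210-X12MS | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S210-X2A2J | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S200-X22TQ | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| S200-X12TS | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |
| F06A | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) | in progress | depending on Intel microcode release schedule |
| F03A | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | depending on Intel microcode release schedule |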

[Remark]
For customized BIOS, please contact your account sales representative for the release schedule and a BIOS that includes the microcode.
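
Because the CVE-2018-3639 mitigation needs both the BIOS microcode and the OS/VMM update, the following check reports which half is still missing on a given host. It is an added example, not QCT or Intel code. It assumes a Linux host whose kernel reports the state under /sys/devices/system/cpu/vulnerabilities; the function names and verdict strings are chosen for this example.

```shell
#!/bin/sh
# Added example: is the Speculative Store Bypass (CVE-2018-3639) fix complete
# on this Linux host? Function names and verdict strings are illustrative.

CPUINFO=/proc/cpuinfo
SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Succeeds when the CPU flags include "ssbd". On the CPU generations in
# Table 1 that flag appears only once the updated microcode is loaded.
ssb_microcode_ready() {
    grep -m1 '^flags' "$1" 2>/dev/null | grep -qw 'ssbd'
}

# Maps the kernel's status line to one word. "unknown" means the file is
# missing or unrecognized, i.e. the kernel predates SSB reporting.
ssb_os_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Combines both halves into the action still required.
# $1 = cpuinfo file, $2 = spec_store_bypass sysfs file
ssb_assess() {
    case "$(ssb_os_state "$2")" in
        not_affected) echo "not-affected" ;;
        mitigated)    echo "mitigated" ;;
        unknown)      echo "needs-os-update" ;;
        vulnerable)
            if ssb_microcode_ready "$1"; then
                # Microcode is present, so the kernel mitigation is switched off.
                echo "microcode-present-os-mitigation-off"
            else
                echo "needs-bios-microcode"
            fi ;;
    esac
}

echo "CVE-2018-3639: $(ssb_assess "$CPUINFO" "$SSB_SYSFS")"
# Print the installed BIOS version for comparison with Table 1.
echo "BIOS version: $(cat /sys/class/dmi/id/bios_version 2>/dev/null || echo unavailable)"
```

The kernel's "Mitigation:" line also states how the mitigation is applied (for example per process), so read the full sysfs text when the verdict is "mitigated".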