Intel Security Advisory update
Server
04 Jan. 2018

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions  

  • Variant 1: bounds check bypass (CVE-2017-5753)

  • Variant 2: branch target injection (CVE-2017-5715)

  • Variant 3: rogue data cache load (CVE-2017-5754)

The security vulnerability affected QCT’s server and storage product lines. QCT had made update microcode available for most of our recent release products on the product download page. We highly recommend our customer allocate validation resource to implement new BIOS with update microcode. These vulnerabilities are not unique to QCT servers and will affect any systems using modern microprocessor architectures with impacted firmware revisions.

Acknowledgements
QCT would like to thank Google Project Zero for reporting this issue.
External References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html