Operational Defect Database
BugZero found this defect 2323 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Hewlett Packard Enterprise | a00039575en_us
Bulletin: HPE Storage - Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
Last update date:
2/28/2024
Affected products:
Cisco MDS 8Gb Fabric Switch for HPE BladeSystem c-Class
Cisco MDS 9124e Fabric Switch for BladeSystem c-Class
HPE 1606 Extension SAN Switch
HPE 2000fc Modular Smart Array
HPE 2000i G2 Modular Smart Array
HPE 2000sa G2 Modular Smart Array
HPE 2000sa Modular Smart Array
HPE 3Gb SAS Switch for HPE BladeSystem c-Class
HPE 3PAR Application Software Suite for Microsoft Exchange
HPE 3PAR Application Software Suite for Microsoft SQL
HPE 3PAR Application Software Suite for Oracle
HPE 3PAR Application Software Suite for VMware
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
On 3 January 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE Storage products, potentially leading to information disclosure and elevation of privilege. Product specific mitigation steps will be available through the HPE Support Center when available. Intel has provided a high level statement here: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ For additional information: https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&languageid=en-fr Operating System Vendor Response Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 Red Hat: https://access.redhat.com/security/vulnerabilities/speculativeexecution SuSE: https://www.suse.com/support/kb/doc/?id=7022512 VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html Processor Vendor Response AMD: http://www.amd.com/en/corporate/speculative-execution ARM Holdings: https://developer.arm.com/support/security-update IMPORTANT: The products listed under "Hardware Platforms Affected" at the bottom of this Customer Bulletin are provided to identify the specific models of storage products to be notified. It is not intended to be a list of products affected by the specific vulnerability outlined in this bulletin. A list of affected products can be found in the body of this bulletin.
Scope
Determine if you have a storage system that is impacted by this vulnerability. HPE is maintaining a list of impacted products on the HPE vulnerability website.
Resolution
Determine if you have a system that is impacted by this vulnerability. HPE is maintaining a list of impacted products on the HPE vulnerability website. If your system is impacted, follow the mitigation link provided on the HPE vulnerability website. NOTE: Side-Channel Analysis Method is dependent on malware running locally on a system, which means it is important for customers to practice good security hygiene. As a general best practice, customers should always keep their software and firmware current. Disclaimer : One or more of the links above will take you outside of the Hewlett Packard Enterprise website. HPE does not control and is not responsible for information outside of the HPE website. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively in your e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form.
