Operational Defect Database
BugZero found this defect 2266 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Hewlett Packard Enterprise | a00039784en_us
Advisory: ProLiant Gen8 and Gen9 Series Servers - CUSTOMER ACTION REQUIRED: Some System ROMs That Addressed the Side Channel Analysis Vulnerability Have Been Removed from the HPE Download Site
Last update date:
1/29/2024
Affected products:
HPE ProLiant BL420c Gen8 Server Blade
HPE ProLiant BL460c Gen10 Server Blade
HPE ProLiant BL460c Gen8 Server Blade
HPE ProLiant BL460c Gen9 Server Blade
HPE ProLiant BL465c Gen8 Server Blade
HPE ProLiant BL660c Gen8 Server Blade
HPE ProLiant BL660c Gen9 Server Blade
HPE ProLiant DL120 Gen10 Server
HPE ProLiant DL120 Gen9 Server
HPE ProLiant DL160 Gen10 server
HPE ProLiant DL160 Gen8 Server
HPE ProLiant DL180 Gen10 server
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
Document Version Release Date Details 7 03/07/2018 Updated document with finalized information on the System ROMs that address this issue and that all fixes have been implemented and there is no longer a need to revert to any previous ROM version; System ROMs for all platforms that were pulled from the HPE Support Site now have newer, updated System ROMs available . 6 03/04/2018 Updated document with additional information on this issue, added additional ProLiant Gen8 series systems that now have a System ROM fix, and specifics on ProLiant G7 and G6 platforms that will have a future System ROM fix. 5 02/28/2018 Updated document to include System ROMs that correct this issue for Gen9 and certain Gen8 series platforms. 4 02/20/2018 Updated document to include System ROMs that correct this issue for Gen10 series platforms 3 01/31/2018 Updated Description with detailed issue timeline 2 01/22/2018 Updated advisory with additional information on Gen10 platform System ROMs that have also been removed from the HPE Download Site and recommendation to revert to a previous version of the System ROM 1 01/13/2018 Original document release On January 3, 2018, an industry-wide vulnerability was publicly disclosed that involves modern microprocessor architectures. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Often referred to as the Side-Channel Analysis Method, or Spectre/Meltdown, this vulnerability impacts microprocessor architectures from both Intel and AMD used on HPE ProLiant and Synergy servers. Mitigation of these issues requires both an Operating System update, provided by the OS vendor, and a System ROM update from HPE. Additional information from Intel is available at the following links: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html . https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr https://newsroom.intel.com/press-kits/security-exploits-intel-products/ Within days of the public announcement of the Side Channel Analysis Vulnerability, HPE released System ROMs for Intel-based platforms utilizing updated microcodes that are required for full mitigation of the vulnerability. Specifically, these microcodes are required for Variant 2 (Spectre) of the vulnerability. Starting on January 11, Intel reported issues with the microcodes they had released as part of the mitigation of this issue. On January 22, Intel indicated that these microcodes could result in “unpredictable system behavior.” Due to the potential severity of the issue, HPE removed System ROMs including impacted microcodes from the HPE support site. See the scope section of this document for System ROMs which were removed from the HPE Support Site. Refer to the following links for more information regarding Intel’s public statements on the issues seen with the initial versions of their microcodes: On January 11, 2018 , Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for Broadwell and Haswell processors: https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ On January 17, 2018 , Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Skylake, Kaby Lake, Ivybridge, and Sandybridge processors: https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/ On January 22, 2018 , Intel announced a recommendation to stop using the versions of the System ROMs that included the impacted microcode and to revert to a previous version of the System ROM, as detailed below: https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ HPE has partnered with Intel to validate updated microcodes that support mitigation of the Side Channel Analysis vulnerability while addressing the “unpredictable system behavior” issues seen with the initial microcodes. HPE has now released updated System ROMs (indicated in the Resolution section of this document) for all servers for which the System ROMs had been removed from the HPE support site. For more information on the Side Channel Analysis Vulnerability, also known as Spectre and Meltdown, see HPEs Customer Bulletin .
Scope
The following System ROMs were previously available but have since been removed from the HPE Support Site due to the issues Intel reported with the microcode updates included in them: ROM Family ROM Version Servers U30 v1.28 (12/11/2017) ProLiant DL380 Gen10 U31 v1.28 (12/11/2017) ProLiant DL160 Gen10, ProLiant DL180 Gen10 U32 v1.28 (12/11/2017) ProLiant DL360 Gen10 U33 v1.28 (12/11/2017) ProLiant ML110 Gen10 U34 v1.28 (12/11/2017) ProLiant DL560 Gen10, ProLiant DL580 Gen10 U36 v1.28 (12/11/2017) ProLiant DL120 Gen10 U37 v1.28 (12/11/2017) ProLiant XL230k Gen10 U38 v1.28 (12/11/2017) ProLiant XL170r Gen10, ProLiant XL190r Gen10 U40 v1.28 (12/11/2017) ProLiant XL450 Gen10 U41 v1.28 (12/11/2017) ProLiant ML350 Gen10 I41 v1.28 (12/11/2017) ProLiant BL460c Gen10 I42 v1.28 (12/11/2017) SY480 Gen10 I43 v1.28 (12/11/2017) SY660 Gen10 U22 v2.52 (12/12/2017) ProLiant DL20 Gen9 U23 v2.52 (12/12/2017) ProLiant ML30 Gen9 H07 v1.60 (12/12/2017 ProLiant m710x Server Cartridge U13 v2.54 (12/07/2017) ProLiant XL230a Gen9, ProLiant XL250a Gen9 U14 v2.54 (12/07/2017) ProLiant XL170r Gen9, ProLiant XL190r Gen9 U15 v2.54 (12/07/2017) ProLiant DL60 Gen9, ProLiant DL80 Gen9 U18 v2.54 (12/07/2017) ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9 U19 v2.54 (12/07/2017) HPE Apollo 4200 Gen9 U20 v2.54 (12/07/2017) ProLiant DL160 Gen9, ProLiant DL180 Gen9 U21 v2.54 (12/07/2017) ProLiant XL450 Gen9 U25 v2.54 (12/07/2017) ProLiant XL270d Accelerator Tray P85 v2.54 (12/07/2017) ProLiant DL560 Gen9 P86 v2.54 (12/07/2017) ProLiant DL120 Gen9 P89 v2.54 (12/07/2017) ProLiant DL380 Gen9, ProLiant DL360 Gen9 P92 v2.54 (12/07/2017) ProLiant ML350 Gen9 P95 v2.54 (12/07/2017) ProLiant ML150 Gen9 P99 v2.54 (12/07/2017) ProLiant ML110 Gen9 I36 v2.54 (12/07/2017) ProLiant BL460c Gen9, ProLiant WS460c Gen9 I37 v2.54 (12/07/2017) SY480 Gen9 I38 v2.54 (12/07/2017) ProLiant BL660c Gen9 I39 v2.54 (12/07/2017) HPE Synergy 660 Gen9 Compute Module U17 v2.54 (12/07/2017) ProLiant DL580 Gen9 I40 v2.54 (12/07/2017) HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute Module H06 12/12/2017 ProLiant m710p Server Cartridge P78 12/12/2017 ProLiant ML310e Gen8 v2 P80 12/12/2017 ProLiant DL320e Gen8 v2 J10 12/12/2017 ProLiant ML10 v2 H03 12/12/2017 ProLiant m710 Server Cartridge
Resolution
HPE has released updated System ROMs including updated microcodes from Intel for all ProLiant and Synergy servers for which the System ROMs had been previously removed from the HPE Support Site. The following table indicates the updated revisions of System ROMs which replace those which were removed from the HPE Support Site (replace those indicated in the Scope section of this document): ROM Family Updated System ROM Version Servers U30 v1.32 (02/01/2018) ProLiant DL380 Gen10 U31 v1.32 (02/01/2018) ProLiant DL160 Gen10, ProLiant DL180 Gen10 U32 v1.32 (02/01/2018) ProLiant DL360 Gen10 U33 v1.32 (02/01/2018) ProLiant ML110 Gen10 U34 v1.32 (02/01/2018) ProLiant DL560 Gen10, ProLiant DL580 Gen10 U36 v1.32 (02/01/2018) ProLiant DL120 Gen10 U37 v1.32 (02/01/2018) ProLiant XL230k Gen10 U38 v1.32 (02/01/2018) ProLiant XL170r Gen10, ProLiant XL190r Gen10 U40 v1.32 (02/01/2018) ProLiant XL450 Gen10 U41 v1.32 (02/01/2018) ProLiant ML350 Gen10 I41 v1.32 (02/01/2018) ProLiant BL460c Gen10 I42 v1.32 (02/01/2018) SY480 Gen10 I43 v1.32 (02/01/2018) SY660 Gen10 U22 v2.56 (01/22/2018) ProLiant DL20 Gen9 U23 v2.56 (01/22/2018) ProLiant ML30 Gen9 H07 v1.64 (01/22/2018) ProLiant m710x Server Cartridge U13 v2.56 (01/22/2018) ProLiant XL230a Gen9, ProLiant XL250a Gen9 U14 v2.56 (01/22/2018) ProLiant XL170r Gen9, ProLiant XL190r Gen9 U15 v2.56 (01/22/2018) ProLiant DL60 Gen9, ProLiant DL80 Gen9 U18 v2.56 (01/22/2018) ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9 U19 v2.56 (01/22/2018) HPE Apollo 4200 Gen9 U20 v2.56 (01/22/2018) ProLiant DL160 Gen9, ProLiant DL180 Gen9 U21 v2.56 (01/22/2018) ProLiant XL450 Gen9 U25 v2.56 (01/22/2018) ProLiant XL270d Accelerator Tray P85 v2.56 (01/22/2018) ProLiant DL560 Gen9 P86 v2.56 (01/22/2018) ProLiant DL120 Gen9 P89 v2.56 (01/22/2018) ProLiant DL380 Gen9, ProLiant DL360 Gen9 P92 v2.56 (01/22/2018) ProLiant ML350 Gen9 P95 v2.56 (01/22/2018) ProLiant ML150 Gen9 P99 v2.56 (01/22/2018) ProLiant ML110 Gen9 I36 v2.56 (01/22/2018) ProLiant BL460c Gen9, ProLiant WS460c Gen9 I37 v2.56 (01/22/2018) SY480 Gen9 I38 v2.56 (01/22/2018) ProLiant BL660c Gen9 I39 v2.56 (01/22/2018) HPE Synergy 660 Gen9 Compute Module U17 v2.56 (01/22/2018) ProLiant DL580 Gen9 I40 v2.56 (01/22/2018) HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute Module H06 01/22/2018 ProLiant m710p Server Cartridge P78 01/22/2018 ProLiant ML310e Gen8 v2 P80 01/22/2018 ProLiant DL320e Gen8 v2 J10 01/22/2018 ProLiant ML10 v2 H03 01/22/2018 ProLiant m710 Server Cartridge RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form. NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the Navigation Tips document . SEARCH TIP : For hints on locating similar documents on HPE.com, refer to the Search Tips Document .
