Super Micro Computer, Inc.




Security Vulnerabilities Regarding Side Channel Speculative Execution and Indirect Branch Prediction Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3639, CVE-2018-3640)


Details regarding a microprocessor vulnerability that could impact Supermicro systems have been announced; it requires a microcode update of the system BIOS along with an operating system update. Commonly referred to as Meltdown and Spectre, the vulnerability involves malicious code that uses a new method of side-channel analysis while running locally on a normally operating platform, and that has the potential to allow the inference of data values from memory.

To address the issue, systems may require both an operating system update and a BIOS update. Please check with operating system or VM vendors for related information.
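One way to confirm on a Linux host that both the BIOS microcode and the operating system update have taken effect is to read the kernel's own mitigation report. This is an added example, not Supermicro code; it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, and the function names are hypothetical. CVE-2018-3640 has no entry there, so it is not covered.

```shell
#!/bin/sh
# Added example: report the Linux kernel's view of the CVEs listed in this advisory.
# The sysfs directory is a parameter so the check can also run on a saved copy.

# CVE -> kernel sysfs file name (CVE-2018-3640 has no sysfs entry and is omitted).
CVE_MAP="CVE-2017-5753:spectre_v1
CVE-2017-5715:spectre_v2
CVE-2017-5754:meltdown
CVE-2018-3639:spec_store_bypass"

# check_mitigations [DIR]
# Prints "CVE<TAB>state<TAB>kernel text" per CVE. Returns 1 if any entry is
# missing (kernel too old to report it) or is not reported as mitigated.
check_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in $CVE_MAP; do
        cve="${pair%%:*}"
        file="$dir/${pair#*:}"
        if [ ! -r "$file" ]; then
            printf '%s\tUNKNOWN\tno kernel report (OS update needed)\n' "$cve"
            rc=1
            continue
        fi
        status="$(cat "$file")"
        case "$status" in
            "Not affected"*|Mitigation*) state=OK ;;
            # Anything else, e.g. "Vulnerable", counts as not mitigated.
            *) state=VULNERABLE; rc=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$cve" "$state" "$status"
    done
    return "$rc"
}

# microcode_revision [CPUINFO]
# Prints the microcode revision the first CPU reports (x86 Linux), so it can
# be compared before and after the BIOS update.
microcode_revision() {
    awk -F': *' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Usage: check_mitigations && echo "all reported CVEs mitigated"; microcode_revision
```

Run it before and after the BIOS flash: an unchanged microcode revision means the new BIOS did not load updated microcode, even if the kernel reports software mitigations.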


RESOURCES:
    - Intel Advisory (Intel-SA-00088)
    - AMD Advisory
    - NVD CVE-2017-5715
    - NVD CVE-2017-5754
    - NVD CVE-2017-5753

UPDATE (June 8, 2018):

A third-party security firm has been testing the BIOS/firmware security of our systems. They recently published the results of that effort, and we have introduced fixes for the issues raised in the blog.

There are three different security areas identified in the blog.

  1. Read/Write versus Read Only Firmware/Flash Descriptor Table

    This issue does not affect the latest generation of X11 or earlier generation X9 products, but X10 products are impacted. We do not believe this issue will impact any customers' data, but it could make the system non-operational.

    For the affected platforms we will be rolling out the fix along with the latest Spectre/Meltdown (Intel-SA-00115) firmware update. These combined updates will be rolling out over the next few weeks. Please check the status of individual updates below. We are combining this update with the latest fix for the Spectre/Meltdown BIOS to minimize the number of reboots and BIOS updates required.

  2. The two other issues raised in the article are new security features (cryptographically signing the BIOS and limiting BIOS downgrades in cases of a critical security patch). We are already shipping these features for some customers, and for all new platforms moving forward these features are enabled.

    Due to issues of backward compatibility, we are making the upgrade to these new features optional for existing systems. Customers with existing platforms should contact their sales representative or associated product manager to determine whether upgrading the features for software signing and limited rollbacks on existing systems is appropriate. A new BIOS with these features enabled will be required. Availability of the BIOS will be based on demand.

BIOS and Firmware security has become a growing challenge for the industry. We highly recommend customers update BIOS and Firmware on their systems on a regular basis as these new vulnerabilities are addressed.


UPDATE (May 21, 2018):

On May 21, 2018, Intel announced that additional microcode updates will be released (Intel-SA-00115). These new updates will include enhancements to address these potential security vulnerabilities.

    - CVE-2018-3639 7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    - CVE-2018-3640 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

When Intel releases the microcode, we will productize, test and release a new BIOS. Please refer to the comment column in the tables below regarding version and status for these additional BIOS updates.

For AMD systems, refer to the H11 & H8 tab below.

We will update this web page with BIOS updates when they become available.



Dual & Single Processor H11 Systems

| Motherboard | BIOS Version | BIOS Availability | Related Systems | Comments |
|---|---|---|---|---|
| H11DSU-iN | v 1.1 | Released | AS -1023US-TR4, AS -1123US-TR4, AS -2023US-TR4 | Immune to Intel-SA-00115 |
| H11DSi | v 1.0c | Released | n/a | Immune to Intel-SA-00115 |
| H11DSi-NT | v 1.0c | Released | AS -4023S-TRT | Immune to Intel-SA-00115 |
| H11DST-B | v 1.0b | Released | AS -2123BT-HNC0R, AS -2123BT-HNR, AS -2123BT-HTR | Immune to Intel-SA-00115 |
| H11SSL-i | v 1.0a | Released | AS -1013S-MTR | Immune to Intel-SA-00115 |
| H11SSL-C | v 1.0a | Released | AS -2013S-C0R | Immune to Intel-SA-00115 |
| H11SSL-NC | v 1.0a | Released | n/a | Immune to Intel-SA-00115 |



Dual, Single & Multi-Processor H8 Motherboards

| Motherboard | Download Patch | Comments |
|---|---|---|
| H8DGU-LN4F+, H8DGT-H Series, H8DG6(-F), H8DGi(-F), H8DGU(-F), H8DGG-QF, H8DCL-6(F), H8DCL-i(F), H8DCT-F, H8DCT-IBQ(F), H8DCT-HIBQF, H8DCT-HLN4F, H8SCM(-F), H8SGL(-F), H8SME-F, H8SML-7/i(F), H8QG6(+)-F, H8QGi(+)-F, H8QGL-6F(+), H8QGL-6F(+), H8QG7(+)-LN4F, H8QGi(+)-LN4F, BHDGT, BHQGE | n/a | Immune to Intel-SA-00115 |





Copyright © 2018 Super Micro Computer, Inc. Information in this document is subject to change without notice.
Other products and companies referred to herein are trademarks or registered trademarks of their respective companies or mark holders.