Print | Rate this content

HPESBHF03805 rev.22 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us

Version: 1

HPESBHF03805 rev.22 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-01-05

Last Updated: 2018-06-29


Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.

Note:

References:
  • CVE-2017-5715 - aka Spectre, branch target injection (Variant 2)
  • CVE-2017-5753 - aka Spectre, bounds check bypass (Variant 1)
  • CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read (Variant 3)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HPE ProLiant DL120 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL160 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL180 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL360 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL380 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL385 Gen10 Server - prior to 1.06_02-01-2018(19 Mar 2018)
  • HPE ProLiant DL560 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL580 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant ML110 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant ML350 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Synergy 480 Gen10 Compute Module - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Synergy 660 Gen10 Compute Module - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant BL460c Gen10 Server Blade - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Apollo 2000 System - Prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE Apollo 4500 System - Prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS
  • HPE ProLiant XL170r Gen10 Server - prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant XL190r Gen10 Server - prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant XL230k Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant XL450 Gen10 Server - Prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Cloudline CL2100 Gen10 Server - Prior to 1.0.5.1(6 Mar 2018)
  • HPE Cloudline CL2200 Gen10 Server - Prior to 1.0.5.1(6 Mar 2018)
  • HPE Cloudline CL3150 Gen10 Server (AMD) - Prior to 4.3.0.0(31 Jan 2018)
  • HPE ProLiant XL170r Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL190r Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL230a Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL250a Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL260a Gen9 Server - Prior to 1.60_01-22-2018(26 Feb 2018)
  • HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL450 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL730f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL740f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL750f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL20 Gen9 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant DL60 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HP ProLiant DL80 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HP ProLiant DL120 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HP ProLiant DL160 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL180 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL360 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HP ProLiant DL380 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL560 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL580 Gen9 Server - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE Apollo 4200 Gen9 Server - Prior to 2.56_01-22-2018 (23 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant BL460c Gen9 Server Blade - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant BL660c Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML350 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML150 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML110 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML30 Gen9 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant ML10 Gen9 Server - Prior to 2018.01.22(22 Mar 2018)
  • HPE Synergy 660 Gen9 Compute Module - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE Synergy 480 Gen9 Compute Module - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE Synergy 620 Gen9 Compute Module - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE Synergy 680 Gen9 Compute Module - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE ProLiant WS460c Gen9 Workstation - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant m510 Server Cartridge - Prior to 1.64_01-22-2018(27 Feb 2018)
  • HPE ProLiant m710p Server Cartridge - Prior to 2018.01.22(24 Feb 2018)
  • HPE ProLiant m710x Server Cartridge - Prior to 1.64_01-22-2018(27 Feb 2018)
  • HP ProLiant m710 Server Cartridge - Prior to 2018.01.22(24 Feb 2018)
  • HP ProLiant XL220a Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant Thin Micro TM200 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant m350 Server Cartridge - Prior to 2018.01.22(27 Feb 2018)
  • HPE ProLiant m300 Server Cartridge - Prior to 2018.01.22(27 Feb 2018)
  • HPE ProLiant MicroServer Gen8 - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant ML310e Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE Superdome Flex Server - Prior to v2.4.98(03/16/2018)
  • HPE Integrity Superdome X Server -Prior to 8.8.14(3 May 2018)
  • HP 3PAR StoreServ File Controller - To be determined - - v3 impacted
  • HPE StoreVirtual 3000 File Controller - To be determined
  • HPE StoreEasy 1450 Storage - To be determined
  • HPE StoreEasy 1550 Storage - To be determined
  • HPE StoreEasy 1650 Storage - To be determined
  • HPE StoreEasy 1650E Storage - To be determined
  • HPE StoreEasy 3850 Gateway Storage - To be determined
  • HPE StoreEasy 1850 Storage - To be determined
  • HP ConvergedSystem 700 - All currently delivered versions
  • HPE Converged Architecture 700 - All currently delivered versions
  • HPE Cloudline CL5200 G3 Server - Prior to 4H4C2130(3/14/2018)
  • HPE Cloudline CL3100 G3 Server - Prior to 2F4C2230(3/7/2018) - Windows and Linux
  • HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server (Haswell) - Prior to DC1F119A (9 Mar 2018) - SKU 811147-B21 or 1A426AP00-600-G
  • HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server (Haswell) - Prior to DC1F119A (9 Mar 2018) - SKU 811146-B21 or 1A32YP700-600-G
  • HPE Cloudline CL2100 G3 407S 12G 4LFF Configure-to-order Server (Broadwell) - Prior to 4D4C2130(7 Mar 2018) - SKU 855358-B21 or 1A427PK00-600-G
  • HPE Cloudline CL2100 G3 807S 12G 8SFF Configure-to-order Server (Broadwell) - Prior to 4D4C2130(7 Mar 2018) - SKU 855361-B21 or 1A427PJ00-600-G
  • HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server (Broadwell) - Prior to 4C4C2100(9 Mar 2018) - SKU 855426-B21 (1A428QN00-600-G)
  • HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server (Haswell) - Prior to DC1F109B(14 Mar 2018)
  • HPE Cloudline CL2200 G3 12G 1211R 12LFF Configure-to-order Server (Broadwell) - Prior to 4B4C2100(9 Mar 2018)
  • HPE ProLiant DL580 Gen8 Server - Prior to 2.00_02-22-2018(2 Mar 2018)
  • HPE ProLiant DL385p Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant DL380p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL360p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350e Gen8 v2 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML310e Gen8 Server - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant ML10 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant BL420c Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HP ProLiant BL460c Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HP ProLiant BL660c Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL160 Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL560 Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HP ProLiant DL380e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HP ProLiant DL360e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL320e Gen8 Server - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant DL320e Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant SL210t Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HP ProLiant SL230s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL250s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL270s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL4540 Gen8 1 Node Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant BL465c Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE Integrity X NonStop CPUs (x86) - To be determined - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop Cluster I/O Modules (CLIMs) - NonStop customers see Hotstuff HS03372B - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop System Consoles - NonStop customers see Hotstuff HS03369C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop Virtual TapeServer (VTS) - NonStop customers see Hotstuff HS03374A - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop Virtual Tape Repository (VTR) - NonStop customers see Hotstuff HS03371C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop BackBox Virtual Tape Controller (VTC) - NonStop customers see Hotstuff HS03371C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE Moonshot m700 Server Cartridge - All currently delivered versions
  • HPE Moonshot m700p Server Cartridge - All currently delivered versions
  • Synergy Image Streamer - All currently delivered versions
  • HPE GL20 IoT Gateway - All currently delivered versions
  • HPE GL10 IoT Gateway - All currently delivered versions
  • Big Switch OS - To be determined
  • HPE ProLiant BL2x220c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL680c G7 Server Blade - Prior to 2018.02.23(16 Mar 2018)
  • HPE ProLiant BL620c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL490c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL460c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL980 G7 Server - Prior to 2018.02.22(17 Mar 2018)
  • HPE ProLiant DL360 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL120 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML110 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL580 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL380 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant SL390s G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML370 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL2x220c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL490c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL460c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL280c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL380 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL370 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL360 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML350 G6 Server - Prior to v02/22/2018
  • HPE ProLiant ML330 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL320 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE Integrity MC990 X Server - Prior to 2018.03 (3/17/2018)
  • SGI UV 300, 300H, 300RL, 30EX - Prior to 2018.03 (3/17/2018)
  • HPE AppSystems for SAP HANA - Scale Out Configurations - All currently delivered versions
  • HPE ProLiant DL585 G7 Server (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant SL4545 G7 Server (AMD) - Prior to 2018.03.14(A)(12 Apr 2018)
  • HPE ProLiant BL685c G7 Server Blade (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant DL180 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL160z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant ML110 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL160s G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL120 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant ML150 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL160 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL170e G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL170h G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL170s G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL170z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL2x170z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate

BACKGROUND

CVSS Version 3.0 and Version 2.0 Base Metrics
Reference
V3 Vector
V3 Base Score
V2 Vector
V2 Base Score
CVE-2017-5715
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5
(AV:L/AC:M/Au:N/C:C/I:N/A:N)
4.7
CVE-2017-5753
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5
(AV:L/AC:M/Au:N/C:C/I:N/A:N)
4.7
CVE-2017-5754
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5
(AV:L/AC:M/Au:N/C:C/I:N/A:N)
4.7
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

RESOLUTION

Intel has now granted the microcode update for certain G7 and G6 system ROM updates and they are available for download as of March 16, 2018. Intel has now granted the microcode update for certain Gen9 and Gen8 system ROM updates and they are available for download as of February 23, 2018. Intel has now granted the microcode update for Gen10 System ROM updates and they are available for download as of February 20, 2018.

On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intel’s Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/ Non-HPE site . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.

All System ROMs including impacted microcodes were removed from the HPE Support Site. This impacts HPE ProLiant and Synergy, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.

Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

  • HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM

  • NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.

  • Note:

    • CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
    • For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
    • HPE will continue to add additional products to the list.
HISTORY
  • Version:1 (rev.1) - 4 January 2018 Initial release
  • Version:2 (rev.2) - 5 January 2018 Added additional impacted products
  • Version:3 (rev.3) - 10 January 2018 Added more impacted products
  • Version:4 (rev.4) - 9 January 2018 Fixed product ID
  • Version:5 (rev.5) - 18 January 2018 Added additional impacted products
  • Version:6 (rev.6) - 19 January 2018 updated impacted product list
  • Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues
  • Version:8 (rev.8) - 24 January 2018 Added additional impacted products
  • Version:9 (rev.9) - 25 January 2018 Added additional impacted products
  • Version:10 (rev.10) - 25 January 2018 Added additional impacted products, adjusted CVSS score
  • Version:11 (rev.11) - 1 February 2018 Added additional impacted products
  • Version:12 (rev.12) - 13 February 2018 Updated NonStop Product information
  • Version:13 (rev.13) - 16 February 2018 Removed not impacted product
  • Version:14 (rev.14) - 22 February 2018 Updated Gen10 products (for Intel Skylake-SP) with released System Rom
  • Version:15 (rev.15) - 2 March 2018 Updated certain Gen9, and Gen8 products, corrected CVSS vectors
  • Version:16 (rev.16) - 6 March 2018 Added Gen6 and Gen7 Systems
  • Version:17 (rev.17) - 17 March 2018 Updated nonstop information, added CVEs to title
  • Version:18 (rev.18) - 19 March 2018 Added superdome flex resolution, added resolution for certain G6, G7 servers
  • Version:19 (rev.19) - 30 March 2018 Added Cloudline products and adjusted ROM version names to match HPE Support Center
  • Version:20 (rev.20) - 14 April 2018 Added certain AMD processor-based systems
  • Version:21 (rev.21) - 8 May 2018 Updated Superdome X and Superdome Flex Version Information
  • Version:22 (rev.22) - 29 June 2018 HPE will not provide microcode patches for certain ProLiant G6 Systems. Apply OS vendor patches to mitigate

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

©Copyright 2018 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!