HPESBHF03805 rev.24 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)


Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.

Note:

Update: On July 10th, 2018, Intel updated security advisory INTEL-OSS-10002 and discussed CVE-2018-3693, Bounds Check Bypass Store. This vulnerability (also known as Spectre 1.1) is similar to Spectre variant 1.

In addition, other similar vulnerabilities continue to be disclosed, and researchers continue to study and report on the Spectre problems:

  • Spectre 1.2
  • SpectreRSB
  • NetSpectre
References:
  • CVE-2017-5715 - aka Spectre, branch target injection (Variant 2), SpectreRSB
  • CVE-2018-3693 - aka Bounds Check Bypass on Stores Variant 1.1
  • CVE-2017-5753 - aka Bounds Check Bypass, Spectre Variant 1, Variant 1.2, NetSpectre
  • CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read (Variant 3)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HPE ProLiant DL120 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL160 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL180 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL360 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL380 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL385 Gen10 Server - prior to 1.06_02-01-2018(19 Mar 2018)
  • HPE ProLiant DL560 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant DL580 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant ML110 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Synergy 480 Gen10 Compute Module - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Synergy 660 Gen10 Compute Module - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant BL460c Gen10 Server Blade - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Apollo 2000 System - Prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE Apollo 4500 System - Prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS
  • HPE ProLiant XL230k Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant XL450 Gen10 Server - Prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE Cloudline CL2100 Gen10 Server - Prior to 1.0.5.1(6 Mar 2018)
  • HPE Cloudline CL2200 Gen10 Server - Prior to 1.0.5.1(6 Mar 2018)
  • HPE Cloudline CL3150 Gen10 Server (AMD) - Prior to 4.3.0.0(31 Jan 2018)
  • HPE ProLiant XL170r Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL190r Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL250a Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL260a Gen9 Server - Prior to 1.60_01-22-2018(26 Feb 2018)
  • HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL450 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL740f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant XL750f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL20 Gen9 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant DL60 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL80 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL360 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL560 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL580 Gen9 Server - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE Apollo 4200 Gen9 Server - Prior to 2.56_01-22-2018 (23 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant BL460c Gen9 Server Blade - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant BL660c Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML150 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML110 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML30 Gen9 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant ML10 Gen9 Server - Prior to 2018.01.22(22 Mar 2018)
  • HPE Synergy 660 Gen9 Compute Module - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE Synergy 480 Gen9 Compute Module - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE Synergy 620 Gen9 Compute Module - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE Synergy 680 Gen9 Compute Module - Prior to 2.56_01-22-2018(2 Mar 2018)
  • HPE ProLiant WS460c Gen9 Graphics Server Blade - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant m510 Server Cartridge - Prior to 1.64_01-22-2018(27 Feb 2018)
  • HPE ProLiant m710p Server Cartridge - Prior to 2018.01.22(24 Feb 2018)
  • HPE ProLiant m710x Server Blade - Prior to 1.64_01-22-2018(27 Feb 2018)
  • HPE ProLiant XL220a Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant Thin Micro TM200 Server - Prior to 2.56_01-22-2018(27 Feb 2018)
  • HPE ProLiant m350 Server Cartridge - Prior to 2018.01.22(27 Feb 2018)
  • HPE ProLiant m300 Server Cartridge - Prior to 2018.01.22(27 Feb 2018)
  • HPE ProLiant MicroServer Gen8 - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant ML310e Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE Superdome Flex Server - Prior to v2.4.98(03/16/2018)
  • HPE Integrity Superdome X Server - Prior to 8.8.14(3 May 2018)
  • HPE 3PAR StoreServ File Controller - To be determined - v3 impacted
  • HPE StoreVirtual 3000 File Controller - To be determined
  • HPE StoreEasy 1450 Storage - To be determined
  • HPE StoreEasy 1550 Storage - To be determined
  • HPE StoreEasy 1650 Storage - To be determined
  • HPE StoreEasy 1650E Storage - To be determined
  • HPE StoreEasy 3000 Gateway Storage - To be determined
  • HPE StoreEasy 1850 Storage - To be determined
  • HPE Converged Architecture 700 - All currently delivered versions
  • HPE Cloudline CL2100 G3 807S - Prior to DC1F119A (9 Mar 2018) - SKU 811147-B21 or 1A426AP00-600-G
  • HPE Cloudline CL2100 G3 806R (Broadwell) - Prior to DC1F119A (9 Mar 2018) - SKU 811146-B21 or 1A32YP700-600-G
  • HPE Cloudline CL2100 G3 407S/807S (Broadwell) - Prior to 4D4C2130(7 Mar 2018) - SKU 855358-B21 or 1A427PK00-600-G
  • HPE Cloudline CL2100 G3 807S Duplicate - Prior to 4D4C2130(7 Mar 2018) - SKU 855361-B21 or 1A427PJ00-600-G
  • HPE Cloudline CL2100 G3 407S/807S (Haswell) - Prior to 4C4C2100(9 Mar 2018) - SKU 855426-B21 (1A428QN00-600-G)
  • HPE Cloudline CL2200 G3 1211R (Broadwell) - Prior to DC1F109B(14 Mar 2018)
  • HPE Cloudline CL2200 G3 1211R (Haswell) - Prior to 4B4C2100(9 Mar 2018)
  • HPE ProLiant DL580 Gen8 Server - Prior to 2.00_02-22-2018(2 Mar 2018)
  • HPE ProLiant DL385p Gen8 (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant DL380p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL360p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350e Gen8 v2 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML350p Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant ML310e Gen8 Server - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant ML10 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant BL420c Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL160 Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL560 Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL380e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL360e Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant DL320e Gen8 Server - Prior to 2018.01.22(5 Mar 2018)
  • HPE ProLiant DL320e Gen8 v2 Server - Prior to 2018.01.22(23 Feb 2018)
  • HPE ProLiant SL210t Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL230s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL250s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL270s Gen8 Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant SL4540 Gen8 1 Node Server - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant BL465c Gen8 Server Blade - Prior to 2018.03.14(12 Apr 2018)
  • HPE Integrity NonStop X NS7 X1 System - To be determined - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop CLIM-based Software - NonStop customers see Hotstuff HS03372B - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop System Console - NonStop customers see Hotstuff HS03369C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop Virtual TapeServer (VTS) - NonStop customers see Hotstuff HS03374A - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop Virtual Tape Repository (VTR) - NonStop customers see Hotstuff HS03371C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE NonStop BackBox Virtual Tape Controller (VTC) - NonStop customers see Hotstuff HS03371C - NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.
  • HPE Moonshot m700 Server Cartridge - All currently delivered versions
  • HPE Moonshot m700p Server Cartridge - All currently delivered versions
  • HPE Synergy Image Streamer - All currently delivered versions
  • HPE GL20 IoT Gateway - All currently delivered versions
  • HPE GL10 IoT Gateway - All currently delivered versions
  • Big Switch OS - To be determined
  • HPE ProLiant BL2x220c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL680c G7 Server Blade - Prior to 2018.02.23(16 Mar 2018)
  • HPE ProLiant BL620c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL490c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL460c G7 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL980 G7 Server - Prior to 2018.02.22(17 Mar 2018)
  • HPE ProLiant DL360 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL120 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML110 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL580 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL380 G7 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML370 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL2x220c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL490c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL460c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant BL280c G6 Server Blade - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL380 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL370 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL360 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant ML350 G6 Server - Prior to v02/22/2018
  • HPE ProLiant ML330 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE ProLiant DL320 G6 Server - Prior to 2018.02.22(16 Mar 2018)
  • HPE Integrity MC990 X Server - Prior to 2018.03 (3/17/2018)
  • SGI UV 300, 300H, 300RL, 30EX - Prior to 2018.03 (3/17/2018)
  • HPE AppSystems for SAP HANA - Scale Out Configurations - All currently delivered versions
  • HPE ProLiant DL585 G7 Server (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant SL4545 G7 Server (AMD) - Prior to 2018.03.14(A)(12 Apr 2018)
  • HPE ProLiant BL685c G7 Server Blade (AMD) - Prior to 2018.03.14(12 Apr 2018)
  • HPE ProLiant DL180 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL160z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant ML110 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL160s G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL120 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant ML150 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL160 G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL170e G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL170h G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL170s G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL170z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant SL2x170z G6 Server HPE will not provide a microcode patch. Apply OS vendor patches to mitigate
  • HPE ProLiant DL120 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL160 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL380 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant m710 Server Cartridge - Prior to 2018.01.22(24 Feb 2018)
  • HPE ConvergedSystem 700 (CS700) - All currently delivered versions
  • HPE ProLiant BL460c Gen8 Server Blade - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant BL660c Gen8 Server Blade - Prior to 2018.01.22(2 Mar 2018)
  • HPE ProLiant XL230a Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML350 Gen10 Server - prior to 1.32_02-01-2018(16 Feb 2018)
  • HPE ProLiant XL190r Gen10 Server - prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant XL170r Gen10 Server - prior to 1.32_02-01-2018 (16 Feb 2018) - Includes System ROM Flash Binary and RESTful API BIOS Schemas
  • HPE ProLiant XL730f Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant DL180 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE ProLiant ML350 Gen9 Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  • HPE Cloudline CL5200 Gen9 Server - Prior to 4H4C2130(3/14/2018)
  • HPE Cloudline CL3100 Gen9 Server - Prior to 2F4C2230(3/7/2018) - Windows and Linux
  • HPE ProLiant SL390s G7 Server - Prior to 2018.02.22(16 Mar 2018)

BACKGROUND

CVSS Version 3.0 and Version 2.0 Base Metrics

| Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
|---|---|---|---|---|
| CVE-2017-5715 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | 4.7 |
| CVE-2017-5753 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | 4.7 |
| CVE-2017-5754 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | 4.7 |
| CVE-2018-3693 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | 4.7 |

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

RESOLUTION

Intel has now granted the microcode update for certain G7 and G6 system ROM updates and they are available for download as of March 16, 2018. Intel has now granted the microcode update for certain Gen9 and Gen8 system ROM updates and they are available for download as of February 23, 2018. Intel has now granted the microcode update for Gen10 System ROM updates and they are available for download as of February 20, 2018.

On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intel’s Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/. HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.

All System ROMs including impacted microcodes were removed from the HPE Support Site. This impacts HPE ProLiant and Synergy, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.

Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

  • HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the updated system ROM

  • NonStop customers should carefully review all pertinent NonStop Hotstuff notices BEFORE taking any action.

  • Note:

    • CVE-2017-5715 (Variant 2) and SpectreRSB require that the System ROM be updated and a vendor supplied operating system update be applied as well.
    • CVE-2017-5753 and CVE-2017-5754 (Spectre variants 1, 1.2, NetSpectre and variant 3) require only updates of a vendor supplied operating system.
    • CVE-2018-3693 (Spectre variant 1.1, Bounds Check Bypass Store) requires only updates of a vendor supplied operating system.
    • HPE will continue to add additional products to the list.
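
The ROM half of the Variant 2 requirement above can be checked against the impacted-versions list. The following is an added example, not HPE code: the `BULLETIN` entries are a small subset copied from this bulletin, the installed ROM strings are constructed, and it assumes your inventory reports the System ROM in the same `version_MM-DD-YYYY` or `YYYY.MM.DD` form the bulletin uses.

```python
import re
from datetime import date
from typing import NamedTuple, Optional

# Subset of this bulletin's impacted-versions list (model -> listed status text).
BULLETIN = {
    "HPE ProLiant DL380 Gen10 Server": "prior to 1.32_02-01-2018(16 Feb 2018)",
    "HPE ProLiant DL360 Gen9 Server": "Prior to 2.56_01-22-2018(23 Feb 2018)",
    "HPE ProLiant DL380p Gen8 Server": "Prior to 2018.01.22(2 Mar 2018)",
    "HPE ProLiant DL180 G6 Server":
        "HPE will not provide a microcode patch. Apply OS vendor patches to mitigate",
    "HPE StoreEasy 1450 Storage": "To be determined",
}

class Rom(NamedTuple):
    version: Optional[tuple]  # (major, minor) when the string carries one
    built: date               # build date embedded in the ROM string

VER_DATE = re.compile(r"(\d+)\.(\d+)_(\d{2})-(\d{2})-(\d{4})")  # 1.32_02-01-2018
DATE_ONLY = re.compile(r"(\d{4})\.(\d{2})\.(\d{2})")            # 2018.01.22

def parse_rom(text: str) -> Optional[Rom]:
    """Extract a ROM identifier in either bulletin format; None if absent."""
    try:
        m = VER_DATE.search(text)
        if m:
            major, minor, mm, dd, yyyy = map(int, m.groups())
            return Rom((major, minor), date(yyyy, mm, dd))
        m = DATE_ONLY.search(text)
        if m:
            yyyy, mm, dd = map(int, m.groups())
            return Rom(None, date(yyyy, mm, dd))
    except ValueError:  # digits matched but do not form a real calendar date
        pass
    return None

def is_prior(installed: Rom, fixed: Rom) -> bool:
    """True when the installed ROM is older than the first fixed ROM."""
    if installed.version is not None and fixed.version is not None:
        return (installed.version, installed.built) < (fixed.version, fixed.built)
    return installed.built < fixed.built

def assess(model: str, installed_rom: str) -> str:
    """Classify the System ROM side of the Variant 2 fix for one host."""
    entry = BULLETIN.get(model)
    if entry is None:
        return "not-listed"    # model absent from this subset of the list
    if "will not provide a microcode patch" in entry:
        return "no-rom-fix"    # OS vendor patches are the only mitigation
    fixed = parse_rom(entry)
    if fixed is None:
        return "rom-tbd"       # "To be determined" / "All currently delivered versions"
    installed = parse_rom(installed_rom)
    if installed is None:
        return "unparsed"      # inventory string in an unexpected format
    return "update-rom" if is_prior(installed, fixed) else "rom-current"

if __name__ == "__main__":
    # Constructed inventory rows: (model, installed System ROM string).
    fleet = [
        ("HPE ProLiant DL380 Gen10 Server", "1.22_09-29-2017"),
        ("HPE ProLiant DL380p Gen8 Server", "2018.01.22"),
        ("HPE ProLiant DL180 G6 Server", "2013.07.01"),
    ]
    for model, rom in fleet:
        print(f"{model}: {rom} -> {assess(model, rom)}")
```

A `rom-current` result covers only the System ROM; per the note above, the operating system update is still required for every variant and has to be verified separately.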
HISTORY
  • Version:1 (rev.1) - 4 January 2018 Initial release
  • Version:2 (rev.2) - 5 January 2018 Added additional impacted products
  • Version:3 (rev.3) - 10 January 2018 Added more impacted products
  • Version:4 (rev.4) - 9 January 2018 Fixed product ID
  • Version:5 (rev.5) - 18 January 2018 Added additional impacted products
  • Version:6 (rev.6) - 19 January 2018 updated impacted product list
  • Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues
  • Version:8 (rev.8) - 24 January 2018 Added additional impacted products
  • Version:9 (rev.9) - 25 January 2018 Added additional impacted products
  • Version:10 (rev.10) - 25 January 2018 Added additional impacted products, adjusted CVSS score
  • Version:11 (rev.11) - 1 February 2018 Added additional impacted products
  • Version:12 (rev.12) - 13 February 2018 Updated NonStop Product information
  • Version:13 (rev.13) - 16 February 2018 Removed not impacted product
  • Version:14 (rev.14) - 22 February 2018 Updated Gen10 products (for Intel Skylake-SP) with released System Rom
  • Version:15 (rev.15) - 2 March 2018 Updated certain Gen9, and Gen8 products, corrected CVSS vectors
  • Version:16 (rev.16) - 6 March 2018 Added Gen6 and Gen7 Systems
  • Version:17 (rev.17) - 17 March 2018 Updated nonstop information, added CVEs to title
  • Version:18 (rev.18) - 19 March 2018 Added superdome flex resolution, added resolution for certain G6, G7 servers
  • Version:19 (rev.19) - 30 March 2018 Added Cloudline products and adjusted ROM version names to match HPE Support Center
  • Version:20 (rev.20) - 14 April 2018 Added certain AMD processor-based systems
  • Version:21 (rev.21) - 8 May 2018 Updated Superdome X and Superdome Flex Version Information
  • Version:22 (rev.22) - 29 June 2018 HPE will not provide microcode patches for certain ProLiant G6 Systems. Apply OS vendor patches to mitigate
  • Version:23 (rev.23) - 23 July 2019 Added Spectre 1.1 Bounds Check Bypass Store CVE-2018-3693, added Spectre 1.2, SpectreRSB, NetSpectre - these are remediated by the fixes provided by OS vendors
  • Version:24 (rev.24) - 5 May 2020 Added Moonshot m710x to impacted products list

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact your normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

©Copyright 2025 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.