(update 2018/05/22) New security vulnerabilities, CVE-2018-3639 and CVE-2018-3640 are derivatives of speculative execution side-channel analysis methods publicly disclosed in January 2018.(CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). As intel’s recommendation, mitigation of these 2 new variants require both BIOS and OS/VMM update. Please refer to the link for new BIOS release version and schedule - http://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00115.
(update 2018/03/09) QCT has received new microcode for Skylake/Broadwell/Haswell/IvyBridge/SandyBridge CPU from Intel.
Please refer to ‘’Table 1 - BIOS updates for QCT products’’ for BIOS fixed version and available week.(update 2018/02/27) QCT has received new microcode for Broadwell/Haswell servers from Intel. We will release BIOS for D51B-1U/2U, D51BP-1U/2U, T41S-2U and T41SP-2U in WK09 and will keep you posted when other projects are available. Please refer to BIOS fixed version and release week in table 1.
| Table 1 - BIOS updates for QCT products | ||||
|---|---|---|---|---|
| QCT servers | CPU | BIOS fixed version | BIOS release week | Remark |
| D52B-1U | Intel® Xeon® Scalable Processor Family (Skylake) | 3A10.Q04 | WK09 | QCT recommends customers to update with''BIOS+BMC package’’ ver.1.04 Which fixed an issue on older than BMC v3.4x version that can not batch update BIOS. |
| D52BQ | 3A10.Q04 | |||
| T42S-2U | 3A10.Q04 | |||
| T42SP-2U | 3A10.Q04 | |||
| T42D-2U | 3A10.Q04 | |||
| D51B-1U/2U | Intel® Xeon® Processor E5v4 & E5v3 Product Family (Broadwell & Haswell) | 3B10.06 | WK09 (2/27) | n/a |
| T41S-2U | 3B09.06 | |||
| T21P-4U | 3B08.06 | |||
| T41SP-2U | 3B09.06 | WK10-WK11 (3/9) | ||
| D51PH-1ULH | 3B08.06 | |||
| T21SR-2U | 3B08.06 | |||
| D51PL-4U | 3B08.06 | |||
| D51BV-2U | 3B10.06 | |||
| D51PS-1U | 3B08.06 | |||
| D51BP-1U/2U | 3B10.03 | |||
| D51PC-1U | 3B08.06 | |||
| S31A-1U | Intel® Xeon® Processor E3-1200 v5 & 1200 v6 product family (Skylake E3) | 3B09.02 | WK12(3/28) | n/a |
| X10E-9N | 3B09.02 | WK12(3/28) | ||
| Rackgo X Leopard Cave | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | in progress | WK13 | |
| SD1Q-1ULH | Intel® Xeon-D (Broadwell) | in progress | 2018 ww28 | |
| Q71L-4U | Intel® Xeon® processor E7 v2, v3 and v4 product family (Ivy Bridge EX, Haswell EX) | in progress | 2018 ww28 | |
| S910-X31E | Intel® Xeon® Processor E3-1200 v3 & v4 Product Family (Broadwell E3 & Haswell E3) | in progress | WK18-WK22 | |
| S810-X52L | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | S2L_4A18 | 2018 ww28 | |
| S210-X12RS (1U) | S2RS4A21 | 2018 ww28 (depending on Intel microcode release schedule or debug-fixed schedule) | ||
| S210-X22RQ (2U) | S2RS4A21 | 2018 ww28 (depending on Intel microcode release schedule or debug-fixed schedule) | ||
| S210-X12MS | S2MS3B12 | 2018 ww29 | ||
| S210-X2A2J | S2J_3A32.02 | WK18-WK22 | ||
| S200-X22TQ | S2TQ3B06.02 | WK18-WK22 | ||
| S200-X12TS | S2TS3B06.02 | WK18-WK22 | ||
| F06A | Intel® Xeon® Processor E5v3 & E5v4 Product Family (Haswell & Broadwell) |
F06A3C16.03 | 2018 ww25 (depending on Intel microcode release schedule or debug-fixed schedule) | |
| F03A | Intel® Xeon® Processor E5 & E5v2 Product Family (Ivy Bridge & Sandy Bridge) | F03A3A09 | 2018 ww30 (depending on Intel microcode release schedule) | |
Regarding Customized BIOS, please contact your account sales for release schedule and BIOS with microcode.
As intel’s recommendation, mitigation of these 3 variants require both OS and BIOS update. (Table 2 - Security issue variants)
Please check with OS or VM vendors for related information.
Table2.
| Table 2 - Security issue variants | |||
|---|---|---|---|
| Variants | Mitigation options | ||
| No. | Codename | CVE# | |
| Variant 1 (Bound chech Bypass) |
Spectre | CVE 2017-5753 | OS/VMM |
| Variant 2 (Branch target injection) |
Spectre | CVE 2017-5715 | Microcode update + OS/VMM |
| Variant 3 (Rough data Load) |
Meltdown | CVE 2017-5754 | OS/VMM |
===== Updated 2018/1/4 =====
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions
The security vulnerability affected QCT’s server and storage product lines. QCT had made update microcode available for most of our recent release products on the product download page. We highly recommend our customer allocate validation resource to implement new BIOS with update microcode. These vulnerabilities are not unique to QCT servers and will affect any systems using modern microprocessor architectures with impacted firmware revisions.Acknowledgements
|