MeltdownSpectre
Meltdown and Spectre security flaw : Informations for Bull HPC Servers
On January 3, 2018, CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754 have been disclosed announcing speculative execution and indirect branch prediction vulnerabilities with many moderm microprocessors commonly referred to as Meldon and Spectre. There are known through the following name:
Variant 1: Bounds Check Bypass – CVE-2017-5753
Variant 2: Branch Target Injection – CVE-2017-5715
Variant 3: Rogue Data Cache Load (Meltdown) – CVE-2017-5754
Intel Security Advisory : INTEL-SA-00088.
Mitigations for Variant 1 and Variant 3 require a software update.
Mitigations for Variant 2 require a software update and new processor microcode usually provided with new BIOS.
On May 21, 2018, CVE-2018-3639 and CVE-2018-3640 have been disclosed annoucing new variant of the Spectre/Meldown vulnerabilities.
Variant 3a: Rogue System Register Read – CVE-2018-3640
Variant 4: Speculative Store Bypass – CVE-2018-3639
Intel Security Advisory : INTEL-SA-00115.
Mitigations for Variant 3a are only available with a new processor microcode. There is no software.
Mitigation for Variant 4 require a new processor microcode and a software update
Iinformation on software and BIOS to mitigate variant 3a and 4 will be added as information becomes available.
Software updates for Spectre variant 1, 2 and 3:
| SCS5 R1 | RHEL7.4 |
|---|---|
|
FIX#1300: RHEL7.4 kernel 3.10.0-693.11.6 tested with SCS5 FIX#1301: SCS5 kernel drivers tested with RHEL7.4 kernel 3.10.0-693.11.6 |
RHSA-2018:0007: kernel 3.10.0-693.11.6 RHSA-2018:0012: microcode_ctl RHSA-2018:0023: qemu-kvm RHSA-2018:0029: libvirt RHBA-2018:0042: dracut |
| SCS4 AE4 | RHEL6.9 |
|---|---|
|
FIX#1302: RHEL 6.9 kernel 2.6.32-696.18.7 tested with SCS4 AE4 FIX#1303: AE4 kernel drivers and kernel_H for RHEL 6.9 kernel 2.6.32-696.18.7 |
RHSA-2018:0008: kernel 2.6.32-696.18.7 RHSA-2018:0024: qemu-kvm RHSA-2018:0030: libvirt RHSA-2018:0013: microcode_ctl |
All the FIXs for SCS5 R1 , SCS4 AE4 and Red Hat Erratas have been released and can be downloaded from the Bull HPC software distribution server.
For any other Operating System, customers are advised to contact their OS distributor.
BIOS updates for Spectre & Meltdown:
BIOS availability for bullx S, bullx R, bullx B, bullx DLC and Bull Sequana
| Description | CPU | Firmware link | Date | |
|---|---|---|---|---|
Sequana |
BIOSX09_BD | Broadwell | TS022.01 | 30 Mar 2018 |
| BIOS_KNL020 | KNL | |||
| BIOS_SKL030 | Skylake | |||
Mesca2 |
BIOSX05 | IvyBridge-EX | TS024.05 | Oct 2018 |
| BIOSX08 | Haswell-EX | |||
| BIOSX10 | Broadwell-EX | |||
Mesca3 |
BIOS_SKL040 | Skylake | TS005.02 | 10 April 2018 |
Newsca |
BIOSX03 | SandyBridge/IvyBridge | TS042.03 | Nov 2018 |
| BIOSX07 | Haswell | |||
| BIOSX09 | Broadwell | |||
Inca |
BIOSX03 | SandyBridge/IvyBridge B510 | ||
| BIOSX06 | SandyBridge/IvyBridge B515 | |||
| BIOSX07 | Haswell | 07.037.05.007 | 28 Mar 2018 | |
| BIOSX09 | Broadwell | 09.048.02.002 | 28 Mar 2018 |
| Reference | Motherboard | Firmware rev. | Date | |
|---|---|---|---|---|
E5 |
Bull Sequana X410 1U | X11DGQ | v2.0b |
2/28/2018 |
| Bull Sequana X430 2U2S | X11DPI-NT | v2.0b | 6/14/2018 | |
| Bull Sequana X430 1U1S | X11SPW-TF | v2.1 | 2/26/2018 | |
| Bull Sequana X440 2U4N 3x3.5" | X11DPT-PS | v2.0b | 2/24/2018 | |
| Bull Sequana X440 2U4N 6x2.5" | X11DPT-PS | v2.0b | 2/24/2018 | |
| Bull Sequana X450 4U | X11DPG-QT | v2.1 | 7/20/2018 | |
SuperBlade |
Bull Sequana X550 blade | B11DPT | ||
E4 |
R421-E4 | X10DRG-H | v3.1 | 6/15/2018 |
| R421 E4k | X10DGQ | v3.0a | 2/15/2018 | |
| R425 E4 | X10DRG-Q | v3.1 | 6/08/2018 | |
| R424 E4 | X10DRT-P | v3.1 | 6/07/2018 | |
| R424 E4j | X10DRT-P | v3.1 | 6/07/2018 | |
| R423 E4i | X10DRi | v3.0a | 2/06/2018 | |
| R423 E4j | X10SRW-F | v3.1 | 6/06/2018 | |
| R423 E4m | X10DRS | |||
E3 |
R421 E3 | X9DRG-HF+ | ||
| R424 E3 | X9DRT-HF | v3.3 | 7/19/2018 | |
| R424 E3-IBQ | X9DRT-HIBQF | |||
| R424 E3-IBF | X9DRT-HIBFF | |||
| R424 F3 | X9DRT-HF | |||
| R424 F3-IBQ | X9DRT-HIBQF | |||
| R424 F3-IBF | X9DRT-HIBFF | |||
| R423 E3i | X9DRi-F | |||
| R423 E3 | X9DRH-7F | v3.3 | 7/13/2018 | |
| R425 E3 | X9DRi-F | v3.3 | 7/12/2018 | |
| R428 E3 | X9QR7-TF+ | |||
E2 |
R424 E2 | |||
| R424 E2-IBQ | ||||
| R424 F2 | ||||
| R424 F2-IBQ | ||||
| R423 E2 | ||||
| R425 E2 |
| Reference | CPU | Firmware rev. | Date | |
|---|---|---|---|---|
| S2600WF | Wolf Pass | Skylake | S2600WF_EFI | |
| S2600BP | Buchanan Pass | S2600BP_EFI | ||
| S2600ST | Sawtooth Pass | S2600ST_EFI | ||
| S2600SP | Silver Pass | |||
| S2600WT | Wildcat Pass | HSW/BRD | ||
| S2600TP | Taylor Pass | S2600TP_EFI | ||
| S2600KP | Kennedy Pass | S2600KP_EFI | ||
| S2600CW | Cottonwood Pass | S2600CW_EFI | ||
| S7200AP | Adam Pass | KNL | S7200APR_UEFI |
If you have any issues to access software or BIOS or if you have an issue to install them, please open a ticket to Atos SMILE
