Info
Document Version
Release Date
Details
3
06/23/2021
Updated the Resolution section.
2
07/11/2018
Added a note in the Description section (also referred to as Meltdown and Spectre). Removed previous Resolution content and added new content.
1
01/10/2018
Original Document Release.
On January 3, 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed (also referred to as
Meltdown and Spectre). These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities calls for a firmware update, a hypervisor update and potentially an update to the embedded controller virtual machine for SimpliVity.
Intel has provided a high level statement here:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
For additional information:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Operating System Vendor Response:
VMware:
https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Scope
Any HPE Simplivity 380 Gen9 and Gen10 Nodes, SimpliVity OmniCube and SimpliVity OmniStack for Cisco, for Dell or for Lenovo.
Resolution
HPE OmniStack version 3.7.4 provides for resolution of the Spectre(CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE 2017-5754) vulnerabilities on the HPE SimpliVity 380 and SimpliVity OmniStack/OmniCube systems running with VMware ESXi versions 6.0 and 6.5.
HPE OmniStack v3.7.4 delivers microcode updates for the HPE hardware platforms and the OmniStack OS updates required by all SimpliVity systems. Microcode updates for Cisco, Dell, and Lenovo systems can be obtained from the respective hardware vendor. VMware ESXi v6.0 and v6.5 patches for Spectre and Meltdown must be installed separately.
HPE OmniStack v3.7.10 U1 includes HPE OmniStack software, HPE hardware, and VMware updates to address the Spectre and Meltdown vulnerabilities.
VMware ESXi 5.5 patches to address the Spectre and Meltdown vulnerabilities are qualified to run on the SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Dell and SimpliVity OmniCube platforms.
RECEIVE PROACTIVE UPDATES
: Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL:
Proactive Updates Subscription Form.
NAVIGATION TIP
: For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the
Navigation Tips document
.
SEARCH TIP
: For hints on locating similar documents on HPE.com, refer to the
Search Tips Document
.
