Loading...
Loading...
Document VersionRelease DateDetails703/07/2018Updated document with finalized information on the System ROMs that address this issue and that all fixes have been implemented and there is no longer a need to revert to any previous ROM version; System ROMs for all platforms that were pulled from the HPE Support Site now have newer, updated System ROMs available.603/04/2018Updated document with additional information on this issue, added additional ProLiant Gen8 series systems that now have a System ROM fix, and specifics on ProLiant G7 and G6 platforms that will have a future System ROM fix.502/28/2018Updated document to include System ROMs that correct this issue for Gen9 and certain Gen8 series platforms.402/20/2018Updated document to include System ROMs that correct this issue for Gen10 series platforms301/31/2018Updated Description with detailed issue timeline201/22/2018Updated advisory with additional information on Gen10 platform System ROMs that have also been removed from the HPE Download Site and recommendation to revert to a previous version of the System ROM101/13/2018Original document releaseOn January 3, 2018,an industry-wide vulnerability was publicly disclosed that involves modern microprocessor architectures. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Often referred to as the Side-Channel Analysis Method, or Spectre/Meltdown, this vulnerability impacts microprocessor architectures from both Intel and AMD used on HPE ProLiant and Synergy servers. Mitigation of these issues requires both an Operating System update, provided by the OS vendor, and a System ROM update from HPE.Additional information from Intel is available at the following links:https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html.https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frhttps://newsroom.intel.com/press-kits/security-exploits-intel-products/Within days of the public announcement of the Side Channel Analysis Vulnerability, HPE released System ROMs for Intel-based platforms utilizing updated microcodes that are required for full mitigation of the vulnerability. Specifically, these microcodes are required for Variant 2 (Spectre) of the vulnerability. Starting on January 11, Intel reported issues with the microcodes they had released as part of the mitigation of this issue. On January 22, Intel indicated that these microcodes could result in “unpredictable system behavior.” Due to the potential severity of the issue, HPE removed System ROMs including impacted microcodes from the HPE support site. See the scope section of this document for System ROMs which were removed from the HPE Support Site.Refer to the following links for more information regarding Intel’s public statements on the issues seen with the initial versions of their microcodes:On January 11, 2018, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for Broadwell and Haswell processors:https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/On January 17, 2018, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Skylake, Kaby Lake, Ivybridge, and Sandybridge processors:https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/On January 22, 2018, Intel announced a recommendation to stop using the versions of the System ROMs that included the impacted microcode and to revert to a previous version of the System ROM, as detailed below:https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/HPE has partnered with Intel to validate updated microcodes that support mitigation of the Side Channel Analysis vulnerability while addressing the “unpredictable system behavior” issues seen with the initial microcodes. HPE has now released updated System ROMs (indicated in the Resolution section of this document) for all servers for which the System ROMs had been removed from the HPE support site.For more information on the Side Channel Analysis Vulnerability, also known as Spectre and Meltdown, seeHPEs Customer Bulletin.
The following System ROMs were previously available but have since been removed from the HPE Support Site due to the issues Intel reported with the microcode updates included in them:ROM FamilyROM VersionServersU30v1.28 (12/11/2017)ProLiant DL380 Gen10U31v1.28 (12/11/2017)ProLiant DL160 Gen10, ProLiant DL180 Gen10U32v1.28 (12/11/2017)ProLiant DL360 Gen10U33v1.28 (12/11/2017)ProLiant ML110 Gen10U34v1.28 (12/11/2017)ProLiant DL560 Gen10, ProLiant DL580 Gen10U36v1.28 (12/11/2017)ProLiant DL120 Gen10U37v1.28 (12/11/2017)ProLiant XL230k Gen10U38v1.28 (12/11/2017)ProLiant XL170r Gen10, ProLiant XL190r Gen10U40v1.28 (12/11/2017)ProLiant XL450 Gen10U41v1.28 (12/11/2017)ProLiant ML350 Gen10I41v1.28 (12/11/2017)ProLiant BL460c Gen10I42v1.28 (12/11/2017)SY480 Gen10I43v1.28 (12/11/2017)SY660 Gen10U22v2.52 (12/12/2017)ProLiant DL20 Gen9U23v2.52 (12/12/2017)ProLiant ML30 Gen9H07v1.60 (12/12/2017ProLiant m710x Server CartridgeU13v2.54 (12/07/2017)ProLiant XL230a Gen9, ProLiant XL250a Gen9U14v2.54 (12/07/2017)ProLiant XL170r Gen9, ProLiant XL190r Gen9U15v2.54 (12/07/2017)ProLiant DL60 Gen9, ProLiant DL80 Gen9U18v2.54 (12/07/2017)ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9U19v2.54 (12/07/2017)HPE Apollo 4200 Gen9U20v2.54 (12/07/2017)ProLiant DL160 Gen9, ProLiant DL180 Gen9U21v2.54 (12/07/2017)ProLiant XL450 Gen9U25v2.54 (12/07/2017)ProLiant XL270d Accelerator TrayP85v2.54 (12/07/2017)ProLiant DL560 Gen9P86v2.54 (12/07/2017)ProLiant DL120 Gen9P89v2.54 (12/07/2017)ProLiant DL380 Gen9, ProLiant DL360 Gen9P92v2.54 (12/07/2017)ProLiant ML350 Gen9P95v2.54 (12/07/2017)ProLiant ML150 Gen9P99v2.54 (12/07/2017)ProLiant ML110 Gen9I36v2.54 (12/07/2017)ProLiant BL460c Gen9, ProLiant WS460c Gen9I37v2.54 (12/07/2017)SY480 Gen9I38v2.54 (12/07/2017)ProLiant BL660c Gen9I39v2.54 (12/07/2017)HPE Synergy 660 Gen9 Compute ModuleU17v2.54 (12/07/2017)ProLiant DL580 Gen9I40v2.54 (12/07/2017)HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute ModuleH0612/12/2017ProLiant m710p Server CartridgeP7812/12/2017ProLiant ML310e Gen8 v2P8012/12/2017ProLiant DL320e Gen8 v2J1012/12/2017ProLiant ML10 v2H0312/12/2017ProLiant m710 Server Cartridge
HPE has released updated System ROMs including updated microcodes from Intel for all ProLiant and Synergy servers for which the System ROMs had been previously removed from the HPE Support Site.The following table indicates the updated revisions of System ROMs which replace those which were removed from the HPE Support Site (replace those indicated in the Scope section of this document):ROM FamilyUpdated System ROM VersionServersU30v1.32 (02/01/2018)ProLiant DL380 Gen10U31v1.32 (02/01/2018)ProLiant DL160 Gen10, ProLiant DL180 Gen10U32v1.32 (02/01/2018)ProLiant DL360 Gen10U33v1.32 (02/01/2018)ProLiant ML110 Gen10U34v1.32 (02/01/2018)ProLiant DL560 Gen10, ProLiant DL580 Gen10U36v1.32 (02/01/2018)ProLiant DL120 Gen10U37v1.32 (02/01/2018)ProLiant XL230k Gen10U38v1.32 (02/01/2018)ProLiant XL170r Gen10, ProLiant XL190r Gen10U40v1.32 (02/01/2018)ProLiant XL450 Gen10U41v1.32 (02/01/2018)ProLiant ML350 Gen10I41v1.32 (02/01/2018)ProLiant BL460c Gen10I42v1.32 (02/01/2018)SY480 Gen10I43v1.32 (02/01/2018)SY660 Gen10U22v2.56 (01/22/2018)ProLiant DL20 Gen9U23v2.56 (01/22/2018)ProLiant ML30 Gen9H07v1.64 (01/22/2018)ProLiant m710x Server CartridgeU13v2.56 (01/22/2018)ProLiant XL230a Gen9, ProLiant XL250a Gen9U14v2.56 (01/22/2018)ProLiant XL170r Gen9, ProLiant XL190r Gen9U15v2.56 (01/22/2018)ProLiant DL60 Gen9, ProLiant DL80 Gen9U18v2.56 (01/22/2018)ProLiant XL730f Gen9, ProLiant XL740f Gen9, ProLiant XL750f Gen9U19v2.56 (01/22/2018)HPE Apollo 4200 Gen9U20v2.56 (01/22/2018)ProLiant DL160 Gen9, ProLiant DL180 Gen9U21v2.56 (01/22/2018)ProLiant XL450 Gen9U25v2.56 (01/22/2018)ProLiant XL270d Accelerator TrayP85v2.56 (01/22/2018)ProLiant DL560 Gen9P86v2.56 (01/22/2018)ProLiant DL120 Gen9P89v2.56 (01/22/2018)ProLiant DL380 Gen9, ProLiant DL360 Gen9P92v2.56 (01/22/2018)ProLiant ML350 Gen9P95v2.56 (01/22/2018)ProLiant ML150 Gen9P99v2.56 (01/22/2018)ProLiant ML110 Gen9I36v2.56 (01/22/2018)ProLiant BL460c Gen9, ProLiant WS460c Gen9I37v2.56 (01/22/2018)SY480 Gen9I38v2.56 (01/22/2018)ProLiant BL660c Gen9I39v2.56 (01/22/2018)HPE Synergy 660 Gen9 Compute ModuleU17v2.56 (01/22/2018)ProLiant DL580 Gen9I40v2.56 (01/22/2018)HPE Synergy 620 Gen9 Compute Module, HPE Synergy 680 Gen9 Compute ModuleH0601/22/2018ProLiant m710p Server CartridgeP7801/22/2018ProLiant ML310e Gen8 v2P8001/22/2018ProLiant DL320e Gen8 v2J1001/22/2018ProLiant ML10 v2H0301/22/2018ProLiant m710 Server CartridgeRECEIVE PROACTIVE UPDATES: Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL:Proactive Updates Subscription Form.NAVIGATION TIP: For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to theNavigation Tips document.SEARCH TIP: For hints on locating similar documents on HPE.com, refer to theSearch Tips Document.
Operating Systems Affected:Not Applicable
Click on a version to see all relevant bugs
Hewlett Packard Enterprise Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.