Hewlett Packard Enterprise Product Security Vulnerability Alerts
AMD Processor Security Vulnerabilities (Fallout/Masterkey/Ryzenfall/Chimera)
Version 3.0 : Last Updated: June 25, 2018
This website is updated frequently, as new product information becomes available.
On March 13, 2018, CTS Labs publicly released information regarding research into security vulnerabilities impacting some AMD products. In terms of HPE Servers, the relevant vulnerabilities impact the AMD Secure Processor (PSP) utilized in the AMD EPYC 7000 Series processor used on the HPE ProLiant DL385 Gen10 and HPE Cloudline CL3150 Gen10 servers. No other HPE server products are impacted by these potential vulnerabilities.
As HPE, working with AMD, learns more information, we will update our communications.
HPE is working with AMD to determine the extent of the vulnerability and what precautions might be needed to mitigate any exposure. Fortunately, the new HPE DL385 Gen10 product ships with all the new HPE security features, including the HPE Silicon Root of Trust. This new HPE technology protects against typical denial of service or permanent denial of service conditions that might be caused by one part of this vulnerability.
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Category |
High-level product description. |
Product Sub-Category |
Medium-level product description. |
Product Name |
Detailed product description. |
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
Under Investigation |
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information.
Product Sub-Category |
Product Name |
Impacted |
ROM Family |
Resolved in ROM Version |
Mitigation and Notes |
Customer Bulletin |
Security Bulletin |
|
Cloudline |
Cloudline |
Cloudline CL3150 Gen10 (AMD) |
Yes |
O51 |
5.1.2.0 |
https://www.hpe.com/global/swpublishing/MTX-7bd9870474004043907ec08a8d |
|
|
Servers |
ProLiant |
ProLiant
DL385 Gen10 (AMD System) |
Yes |
A40 |
1.22(04/16/2018) |
Vulnerable
to Fallout Only. Patches available below: |
|
|
Servers |
Moonshot |
Moonshot m700 Server Cartridge (AMD System) |
No |
A34 |
|
|
|
|
Servers |
Moonshot |
Moonshot m700p Server Cartridge (AMD System) |
No |
A35 |
|
|
|
|
Servers |
ProLiant |
ProLiant
BL465c Gen8 (AMD System) |
No |
A26 |
|
|
|
|
Servers |
ProLiant |
ProLiant
DL385 Gen8 (AMD System) |
No |
A28 |
|
|
|
|
Servers |
ProLiant |
ProLiant
DL385 G7 (AMD System) |
No |
|
|
|
|
|
Servers |
ProLiant |
ProLiant
DL585 G7 (AMD System) |
No |
|
|
|
|
|
Servers |
ProLiant |
ProLiant
BL465 G7 (AMD System) |
No |
|
|
|
|
|
Servers |
ProLiant |
ProLiant
BL685 G7 (AMD System) |
No |
|
|
|
|
|
Servers |
ProLiant |
ProLiant
Microserver Gen10 (AMD System) |
No |
|
|
|
|
|