Hewlett Packard Enterprise Product Security Vulnerability Alerts
Microarchitectural Data Sampling (a.k.a. MDS, ZombieLoad, RIDL & Fallout)
Version 9.0 : Last Updated: February 4, 2020
This website is updated frequently, as new product information becomes available.
On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS). These security vulnerabilities in CPUs may allow information disclosure. Intel is releasing microcode updates (MCU) to support mitigation of these potential vulnerabilities.These are coupled with corresponding updates to operating system and hypervisor software.
More details are available through CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 and Intel Security Advisory.
Note: Itanium® microarchitecture Processors are not affected by MDS. For Intel back up on this statement, see the link below:
In the CPUID Enumeration section, a note states:
"Note: Processors that are not explicitly listed in the List of MDS-affected processors by Family/Model table, like processors based on Itanium® microarchitecture, are not affected by MDS."
- Resources
- Intel Security Advisory
- HPE Vulnerability Homepage
- Intel Microarchitectural Data Sampling (MDS) Technical Advisory
- National Vulnerability Database (NVD) Website
- HPE Security Bulletin
- HPE Support Center
|
Usage Instructions and Definitions for CVE Vulnerability Information |
|
|
Data |
Definition |
|
Product Category |
High-level product description. |
|
Product Sub-Category |
Medium-level product description. |
|
Product Name |
Detailed product description. |
|
|
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
|
Under Investigation |
|
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.
|
Sub Category |
Product Name |
Impacted |
Mitigation and Notes |
Customer Bulletin |
Security Bulletin |
|
|
Servers |
Proliant |
HPE ProLiant DL360 Gen10 |
Yes |
Update to System ROM 2.04
04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL380 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL160 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL180 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL560 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL580 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML350 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML110 Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant BL460c Gen10 |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Synergy |
HPE Synergy 480 Gen10 compute
module |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Synergy |
HPE Synergy 660 Gen10 compute
module |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL170r Gen10 (aka
A2000) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL190r Gen10 (aka
A2000) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL230k Gen10 (aka
A6000) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL420 Gen10 (aka
A4200) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL450 Gen10 (aka A4500
Gen10) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Apollo |
HPE ProLiant XL370d Gen10 (aka
A6500 Gen10) |
Yes |
Update to System ROM 2.04 04/19/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL120 Gen10 |
Yes |
Update to System ROM 1.52 4/18/2019 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL20 Gen10 |
Yes |
Update to System ROM 1.22 4/4/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML30 Gen10 |
Yes |
Update to System ROM 1.22 4/4/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL360 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL380 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL560 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL160 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL180 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL120 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL60 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiantDL80 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML110 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML150 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML350 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL230a/XL250a Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL230b Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL170r Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL190r Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL730f Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL420 Gen9 (HPE Apollo
4200 Gen9 Server) |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL450 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL720d Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant BL460c Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant WS460c Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Synergy |
HPE Synergy 480 Gen9 compute module |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Synergy |
HPE Synergy 660 Gen9 compute module |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL580 Gen9 |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Synergy |
HPE Synergy 620 Gen9 compute module |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Synergy |
HPE Synergy 680 Gen9 compute module |
Yes |
Update to System ROM 2.72 03/25/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL20 Gen9 |
Yes |
Update to System ROM 2.82 4/4/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML30 Gen9 |
Yes |
Update to System ROM 2.82 4/4/19 |
|
|
|
Servers |
Proliant |
HPE ProLiant BL420c Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant BL460c Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant BL660c Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant ML350e Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant ML350e Gen8 v2 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL160 Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL380p Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL360p Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant ML350p Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL360e Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL380e Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL4540 Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL140s Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL230s Gen 8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL250s Gen 8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL270s Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL560 Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant SL210t Gen8 |
Yes |
Update to System ROM 2019.05.24 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant DL580 Gen8 |
Yes |
Update to System ROM 2.22_06-03-2019 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Proliant |
HPE ProLiant ML110 G7 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL120 G7 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL320e Gen8 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant Microserver
Gen8 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant ML310e Gen8 V2 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant DL320e Gen8 V2 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Proliant |
HPE ProLiant XL220a Gen8 V2 |
Yes |
Update to System ROM 2019.04.04 |
|
|
|
Servers |
Synergy |
Synergy Composer (HPE OneView) |
No |
Not Vulnerable – Product doesn’t
allow arbitrary code execution. |
|
|
|
Servers |
Synergy |
HPE OneView
(Virtual appliance) |
No |
Not Vulnerable – Product doesn’t
allow arbitrary code execution. Appropriate hypervisor vendor patches must be
applied. |
|
|
|
Servers |
Synergy |
HPE OneView
Global Dashboard (Virtual appliance) |
No |
Not Vulnerable – Product doesn’t
allow arbitrary code execution. Appropriate hypervisor vendor patches must be
applied. |
|
|
|
Servers |
Synergy |
HPE Image Streamer |
Yes |
Fix Under investigation. May be
mitigated by only allowing trusted software admin users to access Image
Streamer. |
|
|
|
Servers |
Integrity |
Superdome Flex Server |
Yes |
Update to System Firmware 3.10.174 |
|
|
|
Servers |
Integrity |
Superdome X |
Yes |
Update to System Firmware 8.8.26 |
|
|
|
Servers |
Integrity |
MC990 X Server |
Yes |
Update to System ROM 2019.08 |
|
|
|
Servers |
SGI |
UV 300, 300H, 300RL, 30EX |
Yes |
Update to System ROM 2019.08 |
|
|
|
Servers |
SGI |
UV 3000 Server |
Yes |
Update to System ROM 2019.08 |
|
|
|
Servers |
SGI |
UV 2000 Server |
Yes |
Update to System ROM 2019.08 |
|
|
|
Servers |
Cloudline |
CL2100 G3 806R (Broadwell) |
Yes |
Update to System ROM 4C4C2140,
6/12/2019 |
|
|
|
Servers |
Cloudline |
CL2100 G3 407S/807S (Broadwell) |
Yes |
Update to System ROM 4D4C2170,
6/15/2019 |
|
|
|
Servers |
Cloudline |
CL2100 G3 407S/807S (Haswell) |
Yes |
Update to System ROM DC1F123A,
7/13/2019 |
|
|
|
Servers |
Cloudline |
CL2200 G3 1211R (Broadwell) |
Yes |
Update to System ROM 4B4C2140,
6/22/2019 |
|
|
|
Servers |
Cloudline |
CL2200 G3 1211R (Haswell) |
Yes |
Update to System ROM DC1F113B,
6/29/2019 |
|
|
|
Servers |
Cloudline |
CL3100 G3 |
Yes |
Update to System ROM 2F4C2270,
6/12/2019 |
|
|
|
Servers |
Cloudline |
CL3100 Gen10 |
Yes |
Update to System ROM 1.15.0,
7/9/2019 |
|
|
|
Servers |
Cloudline |
CL4100 Gen10 |
Yes |
Update to System ROM 1.15.0,
7/9/2019 |
|
|
|
Servers |
Cloudline |
CL5200 G3 |
Yes |
Update to System ROM 1.14.0,
5/26/2019 |
|
|
|
Servers |
Cloudline |
CL5200 Gen9 |
Yes |
Update to System ROM 1.14.0,
5/26/2019 |
|
|
|
Servers |
Cloudline |
CL5800 Gen9 |
Yes |
Update to System ROM 1.08.0,
5/26/2019 |
|
|
|
Servers |
Cloudline |
CL2100 Gen10 |
Yes |
Update to System ROM 1.16.0.0(12 jun 2019) |
|
|
|
Servers |
Cloudline |
CL2200 Gen10 |
Yes |
Update to System ROM 1.16.0.0(12 jun 2019) |
|
|
|
Servers |
Cloudline |
CL2600 Gen10 |
Yes |
Update to System ROM 2.0.6
06/03/2019 |
|
|
|
Servers |
Cloudline |
CL2800 Gen10 |
Yes |
Update to System ROM 2.0.6
06/03/2019 |
|
|
|
Storage |
MSA |
1040/2040/2042 |
Yes |
Not Vulnerable – Product does not
allow arbitrary code execution. |
|
|
|
Storage |
MSA |
1050/2050/2052 |
Yes |
Not Vulnerable – Product does not
allow arbitrary code execution. |
|
|
|
Storage |
3PAR |
StoreServ 8xxx |
Yes |
Not Vulnerable – Product does not
allow arbitrary code execution. |
|
|
|
Storage |
3PAR |
StoreServ 9xxx |
Yes |
Not Vulnerable – Product does not
allow arbitrary code execution. |
|
|
|
Storage |
3PAR |
StoreServ 20xxx |
Yes |
Not Vulnerable – Product does not
allow arbitrary code execution. |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1460 Storage, HPE Storage File Controller, HPE Storage Performance File
Controller |
Yes |
Refer to mitigation for the HPE
ProLiant DL360 Gen10 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1660 Storage, HPE StoreEasy 1860 Storage |
Yes |
Refer to mitigation for the HPE
ProLiant DL380 Gen10 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1560 Storage |
Yes |
Refer to mitigation for the HPE
ProLiant ML110 Gen10 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1650 Expanded Storage |
Yes |
Refer to mitigation for the HPE
Apollo 4200 Gen9 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1650 Storage, HPE StoreEasy 1850 Storage |
Yes |
Refer to mitigation for the HPE
ProLiant DL380 Gen9 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1450 Storage |
Yes |
Refer to mitigation for the HPE
ProLiant DL160 Gen9 |
|
|
|
Storage |
StoreEasy |
HPE StoreEasy
1550 Storage |
Yes |
Refer to mitigation for the HPE
ProLiant ML110 Gen9 |
|
|
|
Storage |
StoreEasy |
HPE 3PAR StoreServ
File Controller v3, HPE StoreEasy 3850 Gateway |
Yes |
Refer to mitigation for the HPE
ProLiant XL190r Gen9 |
|
|
|
Servers |
Moonshot/Edgeline |
HPE ProLiant m510 Server Blade |
Yes |
Under investigation |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Moonshot/Edgeline |
HPE ProLiant m710 Server |
Yes |
Update to System ROM 2019.04.26 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Moonshot/Edgeline |
HPE ProLiant m710p Server Cartridge
|
Yes |
Update to System ROM 2019.04.26 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Moonshot/Edgeline |
HPE ProLiant m710x Server Blade |
Yes |
Update to System ROM
1.78_04-09-2019 |
|
Security Bulletin hpesbhf03933 |
|
Servers |
Moonshot/Edgeline |
HPE ProLiant m710x-L Server Blade |
Yes |
Update to System ROM
1.78_04-09-2019 |
|
|
|
Storage |
SimpliVity |
HPE SimpliVity 380 Gen9 Family |
Yes |
Resolved in OmniStack 4.0.0. Reference Customer Notice. |
|
|
|
Storage |
SimpliVity |
HPE SimpliVity 380 Gen10 Family |
Yes |
Resolved in OmniStack 4.0.0. Reference Customer Notice. |
|
|
|
Storage |
SimpliVity |
HPE SimpliVity 2600 (190 & 170) |
Yes |
Resolved in OmniStack 4.0.0. Reference Customer Notice. |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniCube |
Yes |
Under investigation |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Cisco |
Yes |
Under investigation |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Cisco |
Yes |
Under investigation |
|
|
|
Storage |
SimpliVity |
SimpliVity OmniStack for Dell |
Yes |
Under investigation |
|
|
|
Storage |
SimpliVity |
HPE SimpliVity 380 Gen10 G Family
|
Yes |
Resolved in OmniStack 4.0.0. Reference Customer Notice. |
|
|
|
Storage |
SimpliVity |
HPE SimpliVity 380 Gen10 G Family |
Yes |
Resolved in OmniStack 4.0.0. Reference Customer Notice. |
|