Hewlett Packard Enterprise Product Security Vulnerability Alerts

Microarchitectural Data Sampling (a.k.a. MDS, ZombieLoad, RIDL & Fallout)

Version 8.0 :  Last Updated: October 15, 2019

This website is updated frequently, as new product information becomes available.

On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS). These security vulnerabilities in CPUs may allow information disclosure. Intel is releasing microcode updates (MCU) to support mitigation of these potential vulnerabilities.These are coupled with corresponding updates to operating system and hypervisor software.

More details are available through CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 and Intel Security Advisory.

Note: Itanium® microarchitecture Processors are not affected by MDS. For Intel back up on this statement, see the link below:

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling

In the CPUID Enumeration section, a note states:

"Note: Processors that are not explicitly listed in the List of MDS-affected processors by Family/Model table, like processors based on Itanium® microarchitecture, are not affected by MDS."

Usage Instructions and Definitions for CVE Vulnerability Information

Data

Definition

Product Category

High-level product description.

Product Sub-Category

Medium-level product description.

Product Name

Detailed product description.

 

(Impacted)

Indicates whether the specific product is affected by the cited vulnerability.

 

If Impacted - Mitigation or

Information regarding how to address a vulnerability.

Under Investigation

Link(s) to security bulletin (Vendor)

Link to Vendor's Security Bulletin.

 

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

Product Category

Sub Category

Product Name

Impacted

Mitigation and Notes

Customer Bulletin

Security Bulletin

Servers

Proliant

HPE ProLiant DL360 Gen10

Yes

Update to System ROM 2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL380 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL160 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL180 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL560 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL580 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML350 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML110 Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant BL460c Gen10

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 480 Gen10 compute module

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 660 Gen10 compute module

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL170r Gen10 (aka A2000)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL190r Gen10 (aka A2000)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL230k Gen10 (aka A6000)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL420 Gen10 (aka A4200)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL450 Gen10 (aka A4500 Gen10)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Apollo

HPE ProLiant XL370d Gen10 (aka A6500 Gen10)

Yes

Update to System ROM  2.04 04/19/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL120 Gen10

Yes

Update to System ROM 1.52 4/18/2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL20 Gen10

Yes

Update to System ROM 1.22 4/4/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML30 Gen10

Yes

Update to System ROM 1.22 4/4/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL360 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL380 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL560 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL160 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL180 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL120 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL60 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiantDL80 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML110 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML150 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML350 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL230a/XL250a Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL230b Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL170r Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL190r Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL730f Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL420 Gen9 (HPE Apollo 4200 Gen9 Server)

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL450 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL720d Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant BL460c Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant WS460c Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 480 Gen9 compute module

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 660 Gen9 compute module

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL580 Gen9

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 620 Gen9 compute module

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Synergy

HPE Synergy 680 Gen9 compute module

Yes

Update to System ROM 2.72 03/25/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant  DL20 Gen9

Yes

Update to System ROM 2.82 4/4/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant  ML30 Gen9

Yes

Update to System ROM 2.82 4/4/19

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant BL420c Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant BL460c Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant BL660c Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML350e Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML350e Gen8 v2

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL160 Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL380p Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL360p Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML350p Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL360e Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL380e Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL4540 Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL140s Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL230s Gen 8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL250s Gen 8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL270s Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL560 Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant SL210t Gen8

Yes

Update to System ROM  2019.05.24

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL580 Gen8

Yes

Update to System ROM 2.22_06-03-2019

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML110 G7

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL120 G7

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL320e Gen8

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant Microserver Gen8

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant ML310e Gen8 V2

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant DL320e Gen8 V2

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Proliant

HPE ProLiant XL220a Gen8 V2

Yes

Update to System ROM  2019.04.04

 

Security Bulletin hpesbhf03933

Servers

Synergy

Synergy Composer (HPE OneView)

No

Not Vulnerable – Product doesn’t allow arbitrary code execution.

 

 

Servers

Synergy

HPE OneView (Virtual appliance)

No

Not Vulnerable – Product doesn’t allow arbitrary code execution. Appropriate hypervisor vendor patches must be applied.

 

 

Servers

Synergy

HPE OneView Global Dashboard (Virtual appliance)

No

Not Vulnerable – Product doesn’t allow arbitrary code execution. Appropriate hypervisor vendor patches must be applied.

 

 

Servers

Synergy

HPE Image Streamer

Yes

Fix Under investigation. May be mitigated by only allowing trusted software admin users to access Image Streamer.

 

 

Servers

Integrity

Superdome Flex Server

Yes

Update to System Firmware 3.10.174

 

Security Bulletin hpesbhf03933

Servers

Integrity

Superdome X

Yes

Update to System Firmware 8.8.26

 

Security Bulletin hpesbhf03933

Servers

Integrity

MC990 X Server

Yes

Update to System ROM 2019.08

 

Security Bulletin hpesbhf03933

Servers

SGI

UV 300, 300H, 300RL, 30EX

Yes

Update to System ROM 2019.08

 

Security Bulletin hpesbhf03933

Servers

SGI

UV 3000 Server

Yes

Update to System ROM 2019.08

 

Security Bulletin hpesbhf03933

Servers

SGI

UV 2000 Server

Yes

Update to System ROM 2019.08

 

Security Bulletin hpesbhf03933

Servers

Cloudline

CL2100 G3 806R (Broadwell)

Yes

Update to System ROM 4C4C2140, 6/12/2019

 

 

Servers

Cloudline

CL2100 G3 407S/807S (Broadwell)

Yes

Update to System ROM 4D4C2170, 6/15/2019

 

 

Servers

Cloudline

CL2100 G3 407S/807S (Haswell)

Yes

Update to System ROM DC1F123A, 7/13/2019

 

 

Servers

Cloudline

CL2200 G3 1211R (Broadwell)

Yes

Update to System ROM 4B4C2140, 6/22/2019

 

 

Servers

Cloudline

CL2200 G3 1211R (Haswell)

Yes

Update to System ROM DC1F113B, 6/29/2019

 

 

Servers

Cloudline

CL3100 G3

Yes

Update to System ROM 2F4C2270, 6/12/2019

 

 

Servers

Cloudline

CL3100 Gen10

Yes

Update to System ROM 1.15.0, 7/9/2019

 

 

Servers

Cloudline

CL4100 Gen10

Yes

Update to System ROM 1.15.0, 7/9/2019

 

 

Servers

Cloudline

CL5200 G3

Yes

Update to System ROM 1.14.0, 5/26/2019

 

 

Servers

Cloudline

CL5200 Gen9

Yes

Update to System ROM 1.14.0, 5/26/2019

 

 

Servers

Cloudline

CL5800 Gen9

Yes

Update to System ROM 1.08.0, 5/26/2019

 

 

Servers

Cloudline

CL2100 Gen10

Yes

Update to System ROM 1.16.0.0(12 jun 2019)

 

 

Servers

Cloudline

CL2200 Gen10

Yes

Update to System ROM 1.16.0.0(12 jun 2019)

 

 

Servers

Cloudline

CL2600 Gen10

Yes

Update to System ROM 2.0.6 06/03/2019

 

 

Servers

Cloudline

CL2800 Gen10

Yes

Update to System ROM 2.0.6 06/03/2019

 

 

Storage

MSA

1040/2040/2042

Yes

Not Vulnerable – Product does not allow arbitrary code execution.

 

 

Storage

MSA

1050/2050/2052

Yes

Not Vulnerable – Product does not allow arbitrary code execution.

 

 

Storage

3PAR

StoreServ 8xxx

Yes

Not Vulnerable – Product does not allow arbitrary code execution.

 

 

Storage

3PAR

StoreServ 9xxx

Yes

Not Vulnerable – Product does not allow arbitrary code execution.

 

 

Storage

3PAR

StoreServ 20xxx

Yes

Not Vulnerable – Product does not allow arbitrary code execution.

 

 

Storage

StoreEasy

HPE StoreEasy 1460 Storage, HPE Storage File Controller, HPE Storage Performance File Controller

Yes

Refer to mitigation for the HPE ProLiant DL360 Gen10

 

 

Storage

StoreEasy

HPE StoreEasy 1660 Storage, HPE StoreEasy 1860 Storage

Yes

Refer to mitigation for the HPE ProLiant DL380 Gen10

 

 

Storage

StoreEasy

HPE StoreEasy 1560 Storage

Yes

Refer to mitigation for the HPE ProLiant ML110 Gen10

 

 

Storage

StoreEasy

HPE StoreEasy 1650 Expanded Storage

Yes

Refer to mitigation for the HPE Apollo 4200 Gen9

 

 

Storage

StoreEasy

HPE StoreEasy 1650 Storage, HPE StoreEasy 1850 Storage

Yes

Refer to mitigation for the HPE ProLiant DL380 Gen9

 

 

Storage

StoreEasy

HPE StoreEasy 1450 Storage

Yes

Refer to mitigation for the HPE ProLiant DL160 Gen9

 

 

Storage

StoreEasy

HPE StoreEasy 1550 Storage

Yes

Refer to mitigation for the HPE ProLiant ML110 Gen9

 

 

Storage

StoreEasy

HPE 3PAR StoreServ File Controller v3, HPE StoreEasy 3850 Gateway

Yes

Refer to mitigation for the HPE ProLiant XL190r Gen9

 

 

Servers

Moonshot/Edgeline

HPE ProLiant m510 Server Blade

Yes

Under investigation

 

Security Bulletin hpesbhf03933

Servers

Moonshot/Edgeline

HPE ProLiant m710 Server

Yes

Update to System ROM 2019.04.26

 

Security Bulletin hpesbhf03933

Servers

Moonshot/Edgeline

HPE ProLiant m710p Server Cartridge

Yes

Update to System ROM 2019.04.26

 

Security Bulletin hpesbhf03933

Servers

Moonshot/Edgeline

HPE ProLiant m710x Server Blade

Yes

Update to System ROM 1.78_04-09-2019

 

Security Bulletin hpesbhf03933

Servers

Moonshot/Edgeline

HPE ProLiant m710x-L Server Blade

Yes

Update to System ROM 1.78_04-09-2019

 

Security Bulletin hpesbhf03933