Hewlett Packard Enterprise Product Security Vulnerability Alerts
Speculative Store Bypass (Variant IV) CVE-2018-3639 & Rogue Register Load (Variant 3a) CVE-2018-3640 Vulnerabilities
Version 13.0 : Last Updated: October 8, 2018
This website is updated frequently, as new product information becomes available.
On May 21, 2018, an industry-wide vulnerability was disclosed that involves modern microprocessor architectures. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. At this time, this vulnerability is known as Speculative Store Bypass or Variant 4 (CVE-2018-3639). While this vulnerability shares many similarities with the recently disclosed Side-Channel Analysis Method, or Spectre and Meltdown, this is a new vulnerability requiring new and unique mitigations.
The Speculative Store Bypass or Variant 4 vulnerability impacts microprocessor architectures from multiple CPU vendors, including Intel, AMD, and ARM. To address this vulnerability, hardware and software vendors from across the industry, including HPE, have been working together to develop mitigation strategies. Mitigation for Intel-based products requires both OS updates and System ROM updates including a new Intel microcode. Mitigation for AMD-based products only require an OS update.
In addition, on 21 May 2018, another vulnerability was disclosed referred to as Rogue Register Load or Variant 3A (CVE-2018-3640) that allows an attacker to improperly access processor registers. This vulnerability impacts Intel-based products only. Mitigation for this vulnerability requires only a System ROM update including a new Intel microcode. The same microcode required for mitigation of Speculative Store Bypass or Variant 4 will also mitigate Rogue Register Load or Variant 3A.
Intel Itanium and Intel Phi 7200-series Processors are not exposed to either Speculative Store Bypass (CVE-2018-3639) or Rogue Register Load (CVE-2018-3640) vulnerabilities.
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Category |
High-level product description. |
Product Sub-Category |
Medium-level product description. |
Product Name |
Detailed product description. |
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
Under Investigation |
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.
Sub
Category |
Product
Name |
Impacted |
ROM
Family |
Resolved
in ROM Version |
Mitigation
and Notes |
Customer
Bulletin |
Security
Bulletin |
|
Cloudline |
Cloudline |
Cloudline CL3150 Gen10 (AMD) |
Yes |
O51 |
|
System
ROM update not required/OS update only |
|
|
Cloudline |
Cloudline |
Cloudline CL3100 Gen10 |
Yes |
O57 |
1.0.4 |
https://www.hpe.com/global/swpublishing/MTX-1fe968c32faf45eb805891d081 |
|
|
Cloudline |
Cloudline |
Cloudline CL4100 Gen10 |
Yes |
O57 |
1.0.4 |
https://www.hpe.com/global/swpublishing/MTX-1fe968c32faf45eb805891d081 |
|
|
Cloudline |
Cloudline |
Cloudline CL2100 G3 407S/807S (Haswell) |
Yes |
|
DC1F120A |
https://www.hpe.com/global/swpublishing/MTX-0d4d710c56ac4e758ecb71eb5e |
|
|
Cloudline |
Cloudline |
Cloudline CL2100 G3 407S/807S (Broadwell) |
Yes |
|
4D4C2140 |
https://www.hpe.com/global/swpublishing/MTX-49c5bb208a4048d7a6b33f2a03 |
|
|
Cloudline |
Cloudline |
Cloudline CL2200 G3 1211R (Haswell) |
Yes |
|
DC1F110B |
https://www.hpe.com/global/swpublishing/MTX-55ada2cb554243e6820ce9ff12 |
|
|
Cloudline |
Cloudline |
Cloudline CL2200 G3 1211R (Broadwell) |
Yes |
|
4B4C2110 |
https://www.hpe.com/global/swpublishing/MTX-653bdc861cfd4f519a31a08993 |
|
|
Cloudline |
Cloudline |
Cloudline CL5200 G3 |
Yes |
|
4H4C2140 |
https://www.hpe.com/global/swpublishing/MTX-89afbf22faab4475bf77651988 |
|
|
Cloudline |
Cloudline |
Cloudline CL3100 G3 (Windows OS) |
Yes |
|
2F4C2240 |
https://www.hpe.com/global/swpublishing/MTX-ac3ff23e918245caa5ac09880b |
|
|
Cloudline |
Cloudline |
Cloudline CL3100 G3 (Linux OS) |
Yes |
|
2F4C2240 |
https://www.hpe.com/global/swpublishing/MTX-f6b276df2a4b407e9a6514a726 |
|
|
Cloudline |
Cloudline |
Cloudline CL2100 G3 806R (Broadwell) (Windows
OS) |
Yes |
|
4C4C2110 |
https://www.hpe.com/global/swpublishing/MTX-27f4edeb2ae54e51ad1af2fac5 |
|
|
Cloudline |
Cloudline |
Cloudline CL2100 G3 806R (Broadwell) (Linux
OS) |
Yes |
|
4C4C2110 |
https://www.hpe.com/global/swpublishing/MTX-d4897c3f57d841eb919bb0294d |
|
|
Converged
Systems |
Converged
Systems |
HPE
ConvergedSystem 500 for SAP HANA Scale-up /
Scale-out configurations (Intel Ivy Bridge architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ProLiant DL580 Gen8 Scale-up / Scale-out TDI configurations (Intel Ivy Bridge
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ConvergedSystem 900 for SAP HANA Scale-up /
Scale-out configurations (Intel Ivy Bridge architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
Superdome X Scale-up / Scale-out TDI configurations (Intel Ivy Bridge
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ProLiant DL380 Gen8 Scale-up TDI configurations (Intel Ivy Bridge
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ProLiant BL460c Gen8 Scale-up TDI configurations (Intel Ivy Bridge
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ConvergedSystem 500 for SAP HANA Scale-up /
Scale-out configurations (Intel Haswell architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ProLiant DL580 Gen9 Scale-up/Scale-out TDI configurations (Intel Haswell
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ConvergedSystem 900 for SAP HANA Scale-up
configurations (Intel Haswell architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
Superdome X Scale-up / Scale-out TDI configurations (Intel Haswell
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ConvergedSystem 500 for SAP HANA Scale-up
configurations (Intel Skylake architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
ProLiant DL560 Gen10 Scale-up TDI configurations (Intel Skylake
architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
Superdome Flex Scale-up / Scale-out TDI configurations (Intel Skylake architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
Integrity MC990 X TDI Compute Block with the Intel® Xeon® E7-88XXv4 |
Yes |
|
TBD |
Under
investigation |
|
|
Converged
Systems |
Converged
Systems |
HPE
AppSystem for SAP HANA Scale-up / Scale-out configurations
(IntelWestmere architecture) |
Yes |
|
TBD |
Under
investigation |
|
|
Integrity |
Integrity |
HPE
Superdome Flex Server |
Yes |
|
TBD |
Fix
under investigation |
|
|
Integrity |
Integrity |
HPE
Integrity Superdome X with BL920s Gen9 Server Blade |
Yes |
|
TBD |
Fix
under investigation |
|
|
Integrity |
Integrity |
HPE
Integrity Superdome X with BL920s Gen8 Server Blade |
Yes |
|
TBD |
Fix
Under investigation |
|
|
Integrity |
Integrity |
HPE
Integrity MC990 X Server, SGI UV 300, 300H, 300RL, 30EX |
Yes |
|
2018.06 |
Refer
to the Customer Bulletin |
|
|
Integrity |
Integrity |
HPE
Integrity BL860c,BL870c, BL890c i2 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity BL860c, BL870c, BL890c i6 & i4 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity rx2800 i6 & i4 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity rx2800 i2 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity BL860c |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity BL870c |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity rx6600, rx3600 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity rx2660 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
9000 Superdome sx1000/sx2000 |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity Superdome 2 CB900s i6, i4 & i2 Server |
No |
|
|
|
|
|
Integrity |
Integrity |
HPE
Integrity cx2600, cx2620 |
No |
|
|
|
|
|
Nimble |
Nimble |
Nimble
Storage |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
NonStop |
NonStop |
HPE
Integrity NonStop i CPUs
(Itanium) |
No |
|
|
|
|
|
NonStop |
NonStop |
HPE
Integrity NonStop X CPUs (x86) |
Yes |
|
|
Under
investigation |
|
|
NonStop |
NonStop |
HPE
NonStop System Consoles |
Yes |
|
|
Under
investigation |
|
|
NonStop |
NonStop |
HPE
NonStop Cluster I/O Modules (CLIMs) |
Yes |
|
|
Under
investigation |
|
|
NonStop |
NonStop |
HPE
NonStop Virtual Tape Products |
Yes |
|
|
Under
investigation |
|
|
Servers |
Apollo
2000 |
ProLiant
XL170r Gen10 |
Yes |
U38 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Apollo
2000 |
ProLiant
XL190r Gen10 |
Yes |
U38 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Apollo
2000 |
ProLiant
XL170r Gen9 |
Yes |
U14 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
2000 |
ProLiant
XL190r Gen9 |
Yes |
U14 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
4200 |
Apollo
4200 Gen9 |
Yes |
U19 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
4500 |
ProLiant
XL450 Gen10 |
Yes |
U40 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Apollo
4500 |
ProLiant
XL450 Gen9 |
Yes |
U21 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
6000 |
ProLiant
XL230k Gen10 |
Yes |
U37 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Apollo
6000 |
ProLiant
XL230a Gen9 |
Yes |
U13 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
6000 |
ProLiant
XL250a Gen9 |
Yes |
U13 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
6500 |
ProLiant
XL270d Accelerator Tray Gen9 |
Yes |
U25 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
8000 |
ProLiant
XL730f Gen9 |
Yes |
U18 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
8000 |
ProLiant
XL740f Gen9 |
Yes |
U18 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Apollo
8000 |
ProLiant
XL750f Gen9 |
Yes |
U18 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Moonshot |
Moonshot m710 Server Cartridge |
Yes |
H03 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
Moonshot |
Moonshot m510 Server Cartridge |
Yes |
H05 |
v1.68 |
Refer
to the Customer Bulletin |
|
|
Servers |
Moonshot |
Moonshot m710p Server Cartridge |
Yes |
H06 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
Moonshot |
Moonshot m710x Server Cartridge |
Yes |
H07 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
BL420c Gen8 |
Yes |
I30 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL460c Gen8 |
Yes |
I31 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL660c Gen8 |
Yes |
I32 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML350e Gen8 |
Yes |
J02 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML350e Gen8 v2 |
Yes |
J02 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL160 Gen8 |
Yes |
J03 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML310e Gen8 |
Yes |
J04 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL320e Gen8 |
Yes |
J05 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML10 v2 |
Yes |
J10 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380p Gen8 |
Yes |
P70 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL360p Gen8 |
Yes |
P71 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML350p Gen8 |
Yes |
P72 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL360e Gen8 |
Yes |
P73 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380e Gen8 |
Yes |
P73 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL560 Gen8 |
Yes |
P77 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML310e Gen8 v2 |
Yes |
P78 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
XL220a Gen8 v2 |
Yes |
|
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL320e Gen8 v2 |
Yes |
P80 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML10 |
Yes |
P88 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL580 Gen9 |
Yes |
U17 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
Thin Micro TM200 |
Yes |
U26 |
v2.60 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL980 G7 |
Yes |
P66 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL460c Gen10 |
Yes |
I41 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380 Gen10 |
Yes |
U30 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL180 Gen10 |
Yes |
U31 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL360 Gen10 |
Yes |
U32 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML110 Gen10 |
Yes |
U33 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL560 Gen10 |
Yes |
U34 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL580 Gen10 |
Yes |
U34 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL120 Gen10 |
Yes |
U36 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML350 Gen10 |
Yes |
U41 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL580 Gen8 |
Yes |
P79 |
v2.20 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL20 Gen9 |
Yes |
U22 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
ML30 Gen9 |
Yes |
U23 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
BL460c Gen9 |
Yes |
I36 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
WS460c Gen9 |
Yes |
I36 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
BL660c Gen9 |
Yes |
I38 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL560 Gen9 |
Yes |
P85 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL120 Gen9 |
Yes |
P86 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL380 Gen9 |
Yes |
P89 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL360 Gen9 |
Yes |
P89 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
ML350 Gen9 |
Yes |
P92 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
ML150 Gen9 |
Yes |
P95 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
ML110 Gen9 |
Yes |
P99 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL60 Gen9 |
Yes |
U15 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL80 Gen9 |
Yes |
U15 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL160 Gen9 |
Yes |
U20 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
DL180 Gen9 |
Yes |
U20 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
ProLiant |
ProLiant
XL260a Gen9 |
No |
U24 |
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Servers |
ProLiant |
ProLiant
Microserver Gen8 |
Yes |
J06 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL4540 Gen8 |
Yes |
P74 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL230s Gen8 |
Yes |
P75 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL250s Gen8 |
Yes |
P75 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL270s Gen8 |
Yes |
P75 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL210t Gen8 |
Yes |
P83 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL160 Gen10 |
Yes |
U31 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Synergy |
Synergy
620 Gen9 Compute Module |
Yes |
I40 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Synergy |
Synergy
680 Gen9 Compute Module |
Yes |
I40 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Synergy |
Synergy
480 Gen10 Compute Module |
Yes |
I42 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Synergy |
Synergy
660 Gen10 Compute Module |
Yes |
I43 |
v1.42 |
Refer
to the Customer Bulletin |
|
|
Servers |
Synergy |
Synergy
480 Gen9 Compute Module |
Yes |
I37 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
Synergy |
Synergy
660 Gen9 Compute Module |
Yes |
I39 |
v2.60 |
Refer
to the Customer Bulletin |
||
Servers |
HPE
OneView |
HPE
OneView |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Servers |
HPE OneView |
HPE
OneView Global Dashboard |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Servers |
Synergy |
Image
Streamer |
Yes |
|
|
Under
investigation |
|
|
Servers |
ProLiant |
ProLiant
BL620c G7 |
Yes |
I25 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL680c G7 |
Yes |
I25 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL580 G7 |
Yes |
P65 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL460c G7 |
Yes |
I27 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL490c G7 |
Yes |
I28 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL2x220c G7 |
Yes |
I29 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380 G7 |
Yes |
P67 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL360 G7 |
Yes |
P68 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
SL390s G7 |
Yes |
P69 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380 G7 SE |
Yes |
V67 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML110 G7 |
Yes |
J01 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL120 G7 |
Yes |
J01 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML350 G6 |
Yes |
D22 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL490c G6 |
Yes |
I21 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL280c G6 |
Yes |
I22 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL460c G6 |
Yes |
I24 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
BL2x220c G6 |
Yes |
I26 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL380 G6 |
Yes |
P62 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML370 G6 |
Yes |
P63 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL370 G6 |
Yes |
P63 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL360 G6 |
Yes |
P64 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
ML330 G6 |
Yes |
W07 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL320 G6 |
Yes |
W07 |
2018.05.21 |
Refer
to the Customer Bulletin |
|
|
Servers |
ProLiant |
ProLiant
DL385 Gen10 (AMD System) |
Yes |
A40 |
|
System
ROM update not required / OS update only |
|
|
Servers |
Moonshot |
ProLiant
m700 server cartridge (AMD System) |
Yes |
A34 |
|
System
ROM update not required / OS update only |
|
|
Servers |
Moonshot |
ProLiant
m700p server cartridge (AMD System) |
Yes |
A35 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
BL465c Gen8 (AMD System) |
Yes |
A26 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
DL585 G7 (AMD System) |
Yes |
A16 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
DL385 G7 (AMD System) |
Yes |
A18 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
BL465c G7 (AMD System) |
Yes |
A19 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
BL685c G7 (AMD System) |
Yes |
A20 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
SL4545 G7 (AMD System) |
Yes |
A31 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
DL385p Gen8 (AMD System) |
Yes |
A28 |
|
System
ROM update not required / OS update only |
|
|
Servers |
ProLiant |
ProLiant
DL160 G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
SL160z G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the vulnerability
by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
SL160s G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
DL180 G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
ML150 G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
DL120 G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
ML110 G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
SL170s G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
DL170h G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
DL170e G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
SL170z G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
Servers |
ProLiant |
ProLiant
SL2x170z G6 |
Yes |
|
|
HPE
will not provide patched microcode: HPE recommends customers mitigate the
vulnerability by applying OS patches |
|
|
SGI |
SGI |
SGI
UV 30 |
Yes |
|
|
Under
investigation |
|
|
SGI |
SGI |
SGI
UV 3000 |
Yes |
|
2018.06 |
Refer
to the Customer Bulletin |
|
|
SGI |
SGI |
SGI
UV 2000 |
Yes |
|
2018.07 |
Refer
to the Customer Bulletin |
|
|
SGI |
SGI |
SGI
UV 20 |
Yes |
|
|
Under
investigation |
|
|
SGI |
SGI |
SGI
UV 10 |
Yes |
|
|
Under
investigation |
|
|
SGI |
SGI |
SGI
UV 100 |
Yes |
|
2018.07 |
Refer
to the Customer Bulletin |
|
|
SGI |
SGI |
SGI
UV 1000 |
Yes |
|
2018.07 |
Refer
to the Customer Bulletin |
|
|
SGI |
SGI |
SGI
Rackable |
Yes |
|
|
Under
investigation |
|
|
SGI |
SGI |
SGI
ICE |
Yes |
|
|
Under
investigation |
|
|
SGI |
SGI |
SGI
MIS |
Yes |
|
|
Under
investigation |
|
|
Simplivity |
Simplivity |
HPE
SimpliVity 380 Gen9 Nodes |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Simplivity |
Simplivity |
HPE
SimpliVity 380 Gen10 Nodes |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Simplivity |
Simplivity |
SimpliVity OmniCube |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Simplivity |
Simplivity |
SimpliVity OmniStack
for Cisco |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Simplivity |
Simplivity |
SimpliVity OmniStack
for DELL |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Simplivity |
Simplivity |
SimpliVity OmniStack
for Lenovo |
Yes |
|
3.7.6 |
https://www.hpe.com/global/swpublishing/MTX-cf09d56a64b44b85b9a1cc5bdd |
|
|
Storage |
3PAR |
3PAR
StoreServ 7xxx |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ 8xxx |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ 9xxx |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ 10xxx |
No |
|
|
Not
Vulnerable. |
|
|
Storage |
3PAR |
3PAR
StoreServ 20xxx |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor DL120 G8 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor DL320e G8 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor DL120 G9 v3 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor DL120 G9 v4 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor DL360e G8 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ File Controller v3 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
3PAR |
StoreVirtual 3000 File Controller |
Yes |
|
|
Under
Investigation |
|
|
Storage |
XP |
XP7
Gen1 and Gen2 SVP & MP |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreEasy |
StoreEasy 1450 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1550 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1650 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1650E |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1850 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3850 |
Yes |
|
|
Under
Investigation |
|
|
Storage |
StoreOnce |
StoreOnce
3100 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
3520 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
3540 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
5100 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
5500 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
6600 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
2700 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
2900 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4500 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4700 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4900 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
6500 capacity upgrades only |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D2502i |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D2504i |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D4106i |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D4106fc |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D4112 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D4312 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
D2D4324 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
2620 iSCSI |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4210 iSCSI |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4220 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4420 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
4430 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
StoreOnce
B6200 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
1040 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
2040 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
2042 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
1050 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
2050 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA
2052 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
MSA |
MSA P2000 G3 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 3200 |
No |
|
|
Not
Vulnerable. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4130 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4330 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4330 FC |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4335 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4530 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4730 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4730 FC |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreVirtual |
StoreVirtual 4630 |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
Storage |
XP
P9500 SVP & MP |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. Note: SVP is not
Impacted. |
|
|
Storage |
Storage |
XP24000/20000
SVP & MP |
No |
|
|
Not
Vulnerable. |
|
|
Storage |
Storage |
HPE
P4300 G2 Storage System |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
Storage |
HPE
P4500 G2 Storage System |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
Storage |
HPE
P4800 G2 SAS SAN BladeSystem |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
Storage |
HPE
P4900 G2 SSD Storage System |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
Storage |
StoreFabric B-Series FC Switches |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
EVA |
HP
EVA Storage |
No |
|
|
Not
Vulnerable. |
|
|
Storage |
Storage |
StoreFabric C-Series FC Switches |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
3PAR |
3PAR
StoreServ Service Processor Supermicro
II |
No |
|
|
Not
Vulnerable. |
|
|
Storage |
Storage |
StoreFabric M-Series Ethernet Switch Family |
Yes |
|
|
Not
Vulnerable - Product doesn't allow arbitrary code execution. |
|
|
Storage |
StoreEasy |
StoreEasy 1660 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1860 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3850sb |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1440 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1540 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1640 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1840 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3840 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3840sb |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1430 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1530 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1630 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 1830 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3830 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 3830sb |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy 5530 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
X5000
G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X1400 G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X1500 G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X1600 G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X1800 G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X3800 G2 |
Yes |
|
|
Under
investigation |
|
|
Storage |
StoreEasy |
StoreEasy X3800sb G2 |
Yes |
|
|
Under
investigation |
|
|