Security Notice – Statement on the Side Channel Vulnerabilities “MDS” of Chips
- Initial Release Date: 2019-05-30 11:18:30
- last Release Date: 2019-06-11 15:36:32
Vulnerability Summary
On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091), Intel unified this series of vulnerabilities into Microarchitectural Data Sampling vulnerabilities. The exploitation of these vulnerabilities requires an attacker to embed malicious code in the target device, mainly for local use. In some cases, it may also be remotely exploited through JS code and malicious websites. These attack methods can be effective in both PC and cloud environments. They can cause applications, operating system virtual machines, and trusted execution environments to disclose sensitive information, including passwords, website content, disk encryption keys, and browser history.
Inspur provides product vulnerability solutions through SA. Inspur has issued Security Advisory (SA) for these vulnerabilities.
Product Impact
| NF5888M5 | NF5466M5 | NS5484M5 | NF5170M4 |
| TS860M5 | NF8260M5 | NS5482M5 | NF8480M4 |
| NF5468M5 | NS5162M5 | NX5460M5 | NF5270M4 |
| NF5180M5 | NF5266M5 | NF5288M5 | NF8460M4 |
| NF5280M5 | SN5161M5 | SA5212M4 | NF5460M4 |
| NF8380M5 | NF8480M5 | NF5180M4 | NX8X80M4 |
| NF5270M5 | NS5488M5 | NF5280M4 | TS860G3 |
Resource
[1]Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
[2]Red Hat: https://access.redhat.com/security/vulnerabilities/mds
[3]Microsoft: https://support.microsoft.com/en-us/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel
Revision History
2019-06-11 V1.1 UPDATED Increase the link of SA
2019-06-08 V1.1 UPDATED Increase the list of affected products
2019-05-30 V1.0 INITIAL
Declaration
Inspur shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided “as is” without warranty of any kind. To the extent permitted by law, Inspur disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement. In no event shall Inspur or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Inspur is entitled to amend or update this document from time to time.