Professional Documents
Culture Documents
Problem Description
A major security flaw related to the microarchitectural implementation on many microprocessors has been
found. All CPUs using out of order execution model and specially speculative execution and branch prediction
are possibly concerned.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
This flaw is divided into 3 variants, each described in a specific CVE publicly available:
- Variant 1: CVE-2017-5753, [1]
- Variant 2: CVE-2017-5715, [2]
These 2 variants are known as "Spectre" flaw and affect CPUs from different vendors: Intel,
ARM and AMD. Spectre can be used to grant access to sensitive information in other
applications memory region.
- Variant 3: CVE-2017-5754, [3]
This variant is known as "Meltdown" flaw and affects only Intel CPUs. Meltdown allows access to
privileged memory region (kernel) from user space.
Proposed Solution
❶ CPU microcode update:
- New firmware providing patched microcode for Broadwell and Haswell CPU’s is released and can be
downloaded on SOL Web site: https://support.bull.com/ols/product/platforms/bullion
- New firmware for Ivybridge CPU’s is under development by Intel and will be released as they become
available to us on SOL Website.
Red Hat:
RedHat Security/Vulnerability Responses CVE-2017-5754 CVE-2017-5753 CVE-2017-5715:
https://access.redhat.com/security/vulnerabilities/speculativeexecution
VMware:
VMware has published VMware Security Advisory VMSA-2018-0002 :
https://www.vmware.com/security/advisories/VMSA-2018-0002.html
Bull Customized ESXi image for Bullion will be updated and published on SOL Web site:
https://support.bull.com/ols/product/platforms/bullion/bullion-S/dl/pkgf/esxi
SUSE:
SUSE Linux security updates CVE-2017-5715/ CVE-2017-5753/ CVE-2017-5754/
https://www.suse.com/security/cve/CVE-2017-5715/
https://www.suse.com/security/cve/CVE-2017-5753/
https://www.suse.com/security/cve/CVE-2017-5754/
Microsoft:
Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities:
https://portal.msrc.microsoft.com/en-US/security-guidance
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-
speculative-execution
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-
antivirus-software
Bull Atos Engineering and Support is working with Intel and OS software developers to evaluate the impact on
systems performance and the way to monitor it on Bullion solutions.
If you have any questions or would like information on our current offerings or upgrade products, please contact
your local Atos/Bull sales or customer service representative.
Sincerely,