Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.2581 IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. 12 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Unified Extensible Firmware Interface (UEFI) Publisher: IBM Operating System: Firmware Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 Reference: ASB-2019.0173 ASB-2019.0138 ESB-2019.2233 ESB-2019.2217 ESB-2019.1706 ESB-2019.1705 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10958779 http://www.ibm.com/support/docview.wss?uid=ibm10958871 Comment: This bulletin contains two (2) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. Product: Other xSeries Component: UEFI Operating system(s): Firmware Reference #: 0958779 Security Bulletin Summary IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. Vulnerability Details CVEID: CVE-2019-11091 DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to obtain sensitive information, caused by a Microarchitectural Data Sampling Uncacheable Memory (MDSUM) vulnerability that allows uncacheable memory on some microprocessors utilizing speculative execution. An attacker could exploit this vulnerability using a side-channel attack to obtain data that is being processed in the CPU by other apps. Note: This is called the Zombieload attack. CVSS Base Score: 3.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160993 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) CVEID: CVE-2018-12130 DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to obtain sensitive information, caused by a Microarchitectural Data Sampling (MDS) vulnerability that fills buffers on some microprocessors utilizing speculative execution. An attacker could exploit this vulnerability using a side-channel attack to obtain data that is being processed in the CPU by other apps. Note: This is called the Zombieload attack. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160992 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) CVEID: CVE-2018-12127 DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to obtain sensitive information, caused by a Microarchitectural Data Sampling (MDS) vulnerability that fills buffers on some microprocessors utilizing speculative execution. An attacker could exploit this vulnerability using a side-channel attack to obtain data that is being processed in the CPU by other apps. Note: This is called the Zombieload attack. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160991 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) CVEID: CVE-2018-12126 DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to obtain sensitive information, caused by a Microarchitectural Data Sampling (MDS) vulnerability that stores buffers on some microprocessors utilizing speculative execution. An attacker could exploit this vulnerability using a side-channel attack to obtain data that is being processed in the CPU by other apps. Note: This is called the Zombieload attack. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160990 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) Affected Products and Versions Product Affected Version BladeCenter HS23 7875/1929 tke1 BladeCenter HS23E 8038/8039 ahe1 Flex System x220 2585/7906 kse1 Flex System x222 7916 cce1 Flex System x240 7863/8737/8738/8956 b2e1 Flex System x280, x480, x880 7903 n2e1 Flex System x440 7917 cne1 System x iDataPlex dx360 M4 7912/7913 tde1 System x NeXtScale nx360 M4 5455 fhe1 System x3100 M4 2582 jqe1 System x3250 M4 2583 System x3100 M5 5457 j9e1 System x3250 M5 5458 jue1 System x3300 M4 7382 yae1 System x3500 M4 7383 y5e1 System x3550 M4 7914 d7e1 System x3630 M4 7158 bee1 System x3530 M4 7160 System x3650 M4 7915 vve1 System x3650 M4 HD 5460 System x3650 M4 BD 5466 yoe1 System x3750 M4 8718/8722/8733/8752 koe1 System x3850 x6 3837/3839 a8e1 System x3950 x6 3839 Remediation/Fixes Firmware fix versions are available on Fix Central: http://www.ibm.com/support/ fixcentral/ Product Fixed Version BladeCenter HS23 7875/1929 tke166c-2.70 (ibm_fw_uefi_tke166c-2.70_anyos_32-64) BladeCenter HS23E 8038/8039 ahe166c-3.10 (ibm_fw_uefi_ahe166c-3.10_anyos_32-64) Flex System x220 2585/7906 kse164c-2.50 (ibm_fw_uefi_kse164c-2.50_anyos_32-64) Flex System x222 7916 cce166c-2.30 (ibm_fw_uefi_cce166c-2.30_anyos_32-64) Flex System x240 7863/8737/8738/8956 b2e168c-2.50 (ibm_fw_uefi_b2e168c-2.50_anyos_32-64) Flex System x280, x480, x880 7903 n2e134d-2.10 (ibm_fw_uefi_n2e134d-2.10_anyos_32-64) Flex System x440 7917 cne168c-2.40 (ibm_fw_uefi_cne168c-2.40_anyos_32-64) System x iDataPlex dx360 M4 7912/7913 tde162c-2.40 (ibm_fw_uefi_tde162c-2.40_anyos_32-64) System x NeXtScale nx360 M4 5455 fhe126c-2.20 (ibm_fw_uefi_fhe126c-2.20_anyos_32-64) System x3100 M4 2582 jqe186b-2.10 System x3250 M4 2583 (ibm_fw_uefi_jqe186b-2.10_anyos_32-64) System x3100 M5 5457 j9e138d-2.00 (ibm_fw_uefi_j9e138d-2.00_anyos_32-64) System x3250 M5 5458 jue138d-2.00 (ibm_fw_uefi_jue138d-2.00_anyos_32-64) System x3300 M4 7382 yae162c-2.40 (ibm_fw_uefi_yae162c-2.40_anyos_32-64) System x3500 M4 7383 y5e164c-2.90 (ibm_fw_uefi_y5e164c-2.90_anyos_32-64) System x3550 M4 7914 d7e170c-3.00 (ibm_fw_uefi_d7e170c-3.00_anyos_32-64) System x3630 M4 7158 bee170c-3.30 System x3530 M4 7160 (ibm_fw_uefi_bee170c-3.30_anyos_32-64) System x3650 M4 7915 vve166c-3.00 System x3650 M4 HD 5460 (ibm_fw_uefi_vve166c-3.00_anyos_32-64) System x3650 M4 BD 5466 yoe132c-2.50 (ibm_fw_uefi_yoe132c-2.50_anyos_32-64) System x3750 M4 8718/8722/8733/8752 koe166d-2.50 (ibm_fw_uefi_koe166d-2.50_anyos_32-64) System x3850 x6 3837/3839 a8e132d-1.90 System x3950 x6 3839 (ibm_fw_uefi_a8e132d-1.90_anyos_32-64) Workarounds and Mitigations None Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities Change History 09 July 2019: Original version published Cross reference information Product Component Platform Version Edition System x Blades UEFI Firmware All Versions PureFlex System & Flex System UEFI Firmware All Versions - --- IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407 Product: Other xSeries Component: UEFI Operating system(s): Firmware Reference #: 0958871 Security Bulletin Summary IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to OpenSSL vulnerability CVE-2018-5407. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architectures parallel thread running capabilities to leak encrypted data from the CPU''s internal processes. Note: This vulnerability is known as PortSmash. CVSS Base Score: 5.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152484 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Products and Versions Product Affected Version BladeCenter HS23 7875/1929 tke1 BladeCenter HS23E 8038/8039 ahe1 Flex System x220 2585/7906 kse1 Flex System x222 7916 cce1 Flex System x240 7863/8737/8738/8956 b2e1 Flex System x280, x480, x880 7903 n2e1 Flex System x440 7917 cne1 System x iDataPlex dx360 M4 7912/7913 tde1 System x NeXtScale nx360 M4 5455 fhe1 System x3100 M5 5457 j9e1 System x3250 M5 5458 jue1 System x3300 M4 7382 yae1 System x3500 M4 7383 y5e1 System x3550 M4 7914 d7e1 System x3630 M4 7158 bee1 System x3530 M4 7160 System x3650 M4 7915 vve1 System x3650 M4 HD 5460 System x3650 M4 BD 5466 yoe1 System x3750 M4 8718/8722/8733/8752 koe1 System x3850 x6 3837/3839 a8e1 System x3950 x6 3839 Remediation/Fixes Firmware fix versions are available on Fix Central: http://www.ibm.com/support/ fixcentral/ Product Fixed Version BladeCenter HS23 7875/1929 tke166c-2.70 (ibm_fw_uefi_tke166c-2.70_anyos_32-64) BladeCenter HS23E 8038/8039 ahe166c-3.10 (ibm_fw_uefi_ahe166c-3.10_anyos_32-64) Flex System x220 2585/7906 kse164c-2.50 (ibm_fw_uefi_kse164c-2.50_anyos_32-64) Flex System x222 7916 cce166c-2.30 (ibm_fw_uefi_cce166c-2.30_anyos_32-64) Flex System x240 7863/8737/8738/8956 b2e168c-2.50 (ibm_fw_uefi_b2e168c-2.50_anyos_32-64) Flex System x280, x480, x880 7903 n2e134d-2.10 (ibm_fw_uefi_n2e134d-2.10_anyos_32-64) Flex System x440 7917 cne168c-2.40 (ibm_fw_uefi_cne168c-2.40_anyos_32-64) System x iDataPlex dx360 M4 7912/7913 tde162c-2.40 (ibm_fw_uefi_tde162c-2.40_anyos_32-64) System x NeXtScale nx360 M4 5455 fhe126c-2.20 (ibm_fw_uefi_fhe126c-2.20_anyos_32-64) System x3100 M5 5457 j9e138d-2.00 (ibm_fw_uefi_j9e138d-2.00_anyos_32-64) System x3250 M5 5458 jue138d-2.00 (ibm_fw_uefi_jue138d-2.00_anyos_32-64) System x3300 M4 7382 yae162c-2.40 (ibm_fw_uefi_yae162c-2.40_anyos_32-64) System x3500 M4 7383 y5e164c-2.90 (ibm_fw_uefi_y5e164c-2.90_anyos_32-64) System x3550 M4 7914 d7e170c-3.00 (ibm_fw_uefi_d7e170c-3.00_anyos_32-64) System x3630 M4 7158 bee170c-3.30 System x3530 M4 7160 (ibm_fw_uefi_bee170c-3.30_anyos_32-64) System x3650 M4 7915 vve166c-3.00 System x3650 M4 HD 5460 (ibm_fw_uefi_vve166c-3.00_anyos_32-64) System x3650 M4 BD 5466 yoe132c-2.50 (ibm_fw_uefi_yoe132c-2.50_anyos_32-64) System x3750 M4 8718/8722/8733/8752 koe166d-2.50 (ibm_fw_uefi_koe166d-2.50_anyos_32-64) System x3850 x6 3837/3839 a8e132d-1.90 System x3950 x6 3839 (ibm_fw_uefi_a8e132d-1.90_anyos_32-64) Workarounds and Mitigations None Change History 10 July 2019: Original version published Cross reference information Product Component Platform Version Edition System x Blades UEFI Firmware All Versions PureFlex System & Flex System UEFI Firmware All Versions - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXSgZC2aOgq3Tt24GAQiHkg/+MuLqtmEouD/itSdm67O33LE2Dy+ORPBZ IMFB8yBRYWgTqowKUSsuZ4yfTEK6Yk98CCW6CVgFWsJruiuShmGJz7wJGx4ylPPW Qx7Ey7sRs8f3J23VKogcqnPC9EsGra8qRuzLrre+FgABBUtSgiJQGzRGG5EG0SZN BcStbnYEfL1c5YQLnknlXXpCxNnWHhx2BgjhIs8f0u7lHfsWrsxp662je0uRkaVV u7FBRfT0G5Eyrv+B0bbQlyPBGbsVDEY8GZ04GGZNi2v3367nDOzOHlDYjOo4fNkA 5FsODwW6dn9EWli900Qg51raJfJOQZU9eKzn/4syxpktqF+T1MyAGjfqEKSOBlNt RkUx3O6MNQ/6vw8D5NcH+gF3/FLfMUSeRl6/H7F0WEOpfaYFVC8xLUq1GPSClE1K 1JPn4Qo1oc9Ot6udwCv0SWi5qjJxjR9qcnMo7RNpjLlVzJFfYSBAvch/T9kDoxur cbP0QaikpE+oMgBozagJALLeWmCRRwiChKS2FSTQdjZZ+UuGpi/4rbtdCU+akAqu AiyN/wE0SY1cQdhrZnClvx7gA8C3gXHed7lxfloRU+1F6ft9su4JAwE1nMgiazgC zPzFYF3vFWZjUnuGpxHXOWg9EeoHc8s5FC7OmYpJzqUF0r84yGK8C15yghi6PEmW 7JozsjNFtSA= =003D -----END PGP SIGNATURE-----