===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2581
  IBM has released Unified Extensible Firmware Interface (UEFI) fixes in
         response to Intel Microarchitectural Data Sampling (MDS)
                       Side Channel vulnerabilities.
                               12 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Unified Extensible Firmware Interface (UEFI)
Publisher:         IBM
Operating System:  Firmware
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
                   CVE-2018-12126  

Reference:         ASB-2019.0173
                   ASB-2019.0138
                   ESB-2019.2233
                   ESB-2019.2217
                   ESB-2019.1706
                   ESB-2019.1705

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10958779
   http://www.ibm.com/support/docview.wss?uid=ibm10958871

Comment: This bulletin contains two (2) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response
to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities.

Product:             Other xSeries
Component:           UEFI
Operating system(s): Firmware
Reference #:         0958779

Security Bulletin

Summary

IBM has released the following Unified Extensible Firmware Interface (UEFI)
fixes for System x, Flex and BladeCenter systems in response to Intel
Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities.

Vulnerability Details

CVEID: CVE-2019-11091
DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to
obtain sensitive information, caused by a Microarchitectural Data Sampling
Uncacheable Memory (MDSUM) vulnerability that allows uncacheable memory on some
microprocessors utilizing speculative execution. An attacker could exploit this
vulnerability using a side-channel attack to obtain data that is being
processed in the CPU by other apps. Note: This is called the Zombieload attack.
CVSS Base Score: 3.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160993 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-12130
DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to
obtain sensitive information, caused by a Microarchitectural Data Sampling
(MDS) vulnerability that fills buffers on some microprocessors utilizing
speculative execution. An attacker could exploit this vulnerability using a
side-channel attack to obtain data that is being processed in the CPU by other
apps. Note: This is called the Zombieload attack.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160992 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-12127
DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to
obtain sensitive information, caused by a Microarchitectural Data Sampling
(MDS) vulnerability that fills buffers on some microprocessors utilizing
speculative execution. An attacker could exploit this vulnerability using a
side-channel attack to obtain data that is being processed in the CPU by other
apps. Note: This is called the Zombieload attack.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-12126
DESCRIPTION: Intel Microprocessor could allow a local authenticated attacker to
obtain sensitive information, caused by a Microarchitectural Data Sampling
(MDS) vulnerability that stores buffers on some microprocessors utilizing
speculative execution. An attacker could exploit this vulnerability using a
side-channel attack to obtain data that is being processed in the CPU by other
apps. Note: This is called the Zombieload attack.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Product                                    Affected Version

BladeCenter HS23 7875/1929                 tke1

BladeCenter HS23E 8038/8039                ahe1

Flex System x220 2585/7906                 kse1

Flex System x222 7916                      cce1

Flex System x240 7863/8737/8738/8956       b2e1

Flex System x280, x480, x880 7903          n2e1

Flex System x440 7917                      cne1

System x iDataPlex dx360 M4 7912/7913      tde1

System x NeXtScale nx360 M4 5455           fhe1

System x3100 M4 2582                       jqe1
System x3250 M4 2583

System x3100 M5 5457                       j9e1

System x3250 M5 5458                       jue1

System x3300 M4 7382                       yae1

System x3500 M4 7383                       y5e1

System x3550 M4 7914                       d7e1

System x3630 M4 7158                       bee1
System x3530 M4 7160

System x3650 M4 7915                       vve1
System x3650 M4 HD 5460

System x3650 M4 BD 5466                    yoe1

System x3750 M4 8718/8722/8733/8752        koe1

System x3850 x6 3837/3839                  a8e1
System x3950 x6 3839

Remediation/Fixes

Firmware fix versions are available on Fix Central:
http://www.ibm.com/support/fixcentral/

Product                                    Fixed Version

BladeCenter HS23 7875/1929                 tke166c-2.70
(ibm_fw_uefi_tke166c-2.70_anyos_32-64)

BladeCenter HS23E 8038/8039                ahe166c-3.10
(ibm_fw_uefi_ahe166c-3.10_anyos_32-64)

Flex System x220 2585/7906                 kse164c-2.50
(ibm_fw_uefi_kse164c-2.50_anyos_32-64)

Flex System x222 7916                      cce166c-2.30
(ibm_fw_uefi_cce166c-2.30_anyos_32-64)

Flex System x240 7863/8737/8738/8956       b2e168c-2.50
(ibm_fw_uefi_b2e168c-2.50_anyos_32-64)

Flex System x280, x480, x880 7903          n2e134d-2.10
(ibm_fw_uefi_n2e134d-2.10_anyos_32-64)

Flex System x440 7917                      cne168c-2.40
(ibm_fw_uefi_cne168c-2.40_anyos_32-64)

System x iDataPlex dx360 M4 7912/7913      tde162c-2.40
(ibm_fw_uefi_tde162c-2.40_anyos_32-64)

System x NeXtScale nx360 M4 5455           fhe126c-2.20
(ibm_fw_uefi_fhe126c-2.20_anyos_32-64)

System x3100 M4 2582                       jqe186b-2.10
System x3250 M4 2583
(ibm_fw_uefi_jqe186b-2.10_anyos_32-64)

System x3100 M5 5457                       j9e138d-2.00
(ibm_fw_uefi_j9e138d-2.00_anyos_32-64)

System x3250 M5 5458                       jue138d-2.00
(ibm_fw_uefi_jue138d-2.00_anyos_32-64)

System x3300 M4 7382                       yae162c-2.40
(ibm_fw_uefi_yae162c-2.40_anyos_32-64)

System x3500 M4 7383                       y5e164c-2.90
(ibm_fw_uefi_y5e164c-2.90_anyos_32-64)

System x3550 M4 7914                       d7e170c-3.00
(ibm_fw_uefi_d7e170c-3.00_anyos_32-64)

System x3630 M4 7158                       bee170c-3.30
System x3530 M4 7160
(ibm_fw_uefi_bee170c-3.30_anyos_32-64)

System x3650 M4 7915                       vve166c-3.00
System x3650 M4 HD 5460
(ibm_fw_uefi_vve166c-3.00_anyos_32-64)

System x3650 M4 BD 5466                    yoe132c-2.50
(ibm_fw_uefi_yoe132c-2.50_anyos_32-64)

System x3750 M4 8718/8722/8733/8752        koe166d-2.50
(ibm_fw_uefi_koe166d-2.50_anyos_32-64)

System x3850 x6 3837/3839                  a8e132d-1.90
System x3950 x6 3839
(ibm_fw_uefi_a8e132d-1.90_anyos_32-64)

Workarounds and Mitigations

None

Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities

Change History

09 July 2019: Original version published

                     Cross reference information
           Product            Component Platform   Version    Edition
       System x Blades        UEFI      Firmware All Versions
PureFlex System & Flex System UEFI      Firmware All Versions

---

IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response
to OpenSSL vulnerability CVE-2018-5407

Product:             Other xSeries
Component:           UEFI
Operating system(s): Firmware
Reference #:         0958871

Security Bulletin

Summary

IBM has released the following Unified Extensible Firmware Interface (UEFI)
fixes for System x, Flex and BladeCenter systems in response to OpenSSL
vulnerability CVE-2018-5407.

Vulnerability Details

CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could
allow a local attacker to obtain sensitive information, caused by execution
engine sharing on Simultaneous Multithreading (SMT) architecture. By using the
new PortSmash side-channel attack, an attacker could run a malicious process
next to legitimate processes using the architecture's parallel thread running
capabilities to leak encrypted data from the CPU's internal processes. Note:
This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Product                                    Affected Version

BladeCenter HS23 7875/1929                 tke1

BladeCenter HS23E 8038/8039                ahe1

Flex System x220 2585/7906                 kse1

Flex System x222 7916                      cce1

Flex System x240 7863/8737/8738/8956       b2e1

Flex System x280, x480, x880 7903          n2e1

Flex System x440 7917                      cne1

System x iDataPlex dx360 M4 7912/7913      tde1

System x NeXtScale nx360 M4 5455           fhe1

System x3100 M5 5457                       j9e1

System x3250 M5 5458                       jue1

System x3300 M4 7382                       yae1

System x3500 M4 7383                       y5e1

System x3550 M4 7914                       d7e1

System x3630 M4 7158                       bee1
System x3530 M4 7160

System x3650 M4 7915                       vve1
System x3650 M4 HD 5460

System x3650 M4 BD 5466                    yoe1

System x3750 M4 8718/8722/8733/8752        koe1

System x3850 x6 3837/3839                  a8e1
System x3950 x6 3839

Remediation/Fixes

Firmware fix versions are available on Fix Central:
http://www.ibm.com/support/fixcentral/

Product                                    Fixed Version

BladeCenter HS23 7875/1929                 tke166c-2.70
(ibm_fw_uefi_tke166c-2.70_anyos_32-64)

BladeCenter HS23E 8038/8039                ahe166c-3.10
(ibm_fw_uefi_ahe166c-3.10_anyos_32-64)

Flex System x220 2585/7906                 kse164c-2.50
(ibm_fw_uefi_kse164c-2.50_anyos_32-64)

Flex System x222 7916                      cce166c-2.30
(ibm_fw_uefi_cce166c-2.30_anyos_32-64)

Flex System x240 7863/8737/8738/8956       b2e168c-2.50
(ibm_fw_uefi_b2e168c-2.50_anyos_32-64)

Flex System x280, x480, x880 7903          n2e134d-2.10
(ibm_fw_uefi_n2e134d-2.10_anyos_32-64)

Flex System x440 7917                      cne168c-2.40
(ibm_fw_uefi_cne168c-2.40_anyos_32-64)

System x iDataPlex dx360 M4 7912/7913      tde162c-2.40
(ibm_fw_uefi_tde162c-2.40_anyos_32-64)

System x NeXtScale nx360 M4 5455           fhe126c-2.20
(ibm_fw_uefi_fhe126c-2.20_anyos_32-64)

System x3100 M5 5457                       j9e138d-2.00
(ibm_fw_uefi_j9e138d-2.00_anyos_32-64)

System x3250 M5 5458                       jue138d-2.00
(ibm_fw_uefi_jue138d-2.00_anyos_32-64)

System x3300 M4 7382                       yae162c-2.40
(ibm_fw_uefi_yae162c-2.40_anyos_32-64)

System x3500 M4 7383                       y5e164c-2.90
(ibm_fw_uefi_y5e164c-2.90_anyos_32-64)

System x3550 M4 7914                       d7e170c-3.00
(ibm_fw_uefi_d7e170c-3.00_anyos_32-64)

System x3630 M4 7158                       bee170c-3.30
System x3530 M4 7160
(ibm_fw_uefi_bee170c-3.30_anyos_32-64)

System x3650 M4 7915                       vve166c-3.00
System x3650 M4 HD 5460
(ibm_fw_uefi_vve166c-3.00_anyos_32-64)

System x3650 M4 BD 5466                    yoe132c-2.50
(ibm_fw_uefi_yoe132c-2.50_anyos_32-64)

System x3750 M4 8718/8722/8733/8752        koe166d-2.50
(ibm_fw_uefi_koe166d-2.50_anyos_32-64)

System x3850 x6 3837/3839                  a8e132d-1.90
System x3950 x6 3839
(ibm_fw_uefi_a8e132d-1.90_anyos_32-64)

Workarounds and Mitigations

None

Change History

10 July 2019: Original version published

                     Cross reference information
           Product            Component Platform   Version    Edition
       System x Blades        UEFI      Firmware All Versions
PureFlex System & Flex System UEFI      Firmware All Versions

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================