Side-Channel Analysis Method (Spectre & Meltdown) Security Review

Side-Channel Analysis Method

(Spectre & Meltdown) Security Review

Fujitsu Communication

Latest Update: 25.06.2018

Reference: Intel security vulnerabilities(CVE 2017- 5715, CVE 2017- 5753, CVE 2017- 5754, SA-00088)

Malicious code utilizing a new method of side-channel analysis and running locally on a normally operating platform has the potential to allow the inference of data values from memory. This issue takes advantage of techniques commonly used in many modern processor architectures.

Impact:

Elevation of Privilege / Information Disclosure

The exploits do not have the potential to corrupt, modify or delete data.

Affected Fujitsu products:

A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.

An overview of the affected Client Computing Devices can be found here:

Intel has notified that the microcode updates they have provided with OEMs have a problem which might cause reboot issues and unpredictable system behaviour.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

Fujitsu is working with Intel on new BIOS. We will issue the updated BIOS as soon as possible once Intel reissues microcode updates.

LIFEBOOK
Model Name
Updated
BIOS Version
BIOS Release Date
OS update necessity
LIFEBOOK A532/AH532
TBD
TBD
Yes
LIFEBOOK AH544
TBD
TBD
Yes
LIFEBOOK AH552
TBD
TBD
Yes
LIFEBOOK AH555
TBD
TBD
Yes
LIFEBOOK AH556
V1.25
already available
Yes
LIFEBOOK AH557
V1.16
already available
Yes
LIFEBOOK CH702
V1.06
already available
Yes
LIFEBOOK E458/E448
V1.10
already available
Yes
LIFEBOOK E554/E544
V1.12
already available
Yes
LIFEBOOK E556/E546(Non-Vpro)
V1.30
already available
Yes
LIFEBOOK E556/E546(Vpro)
V1.21
already available
Yes
LIFEBOOK E557/E547(Non-Vpro)
V1.11
already available
Yes
LIFEBOOK E557/E547(Vpro)
V1.15
already available
Yes
LIFEBOOK E558/E548
V1.09
already available
Yes
LIFEBOOK E733/E743/E753
V1.12
already available
Yes
LIFEBOOK E734/E744/E754(Non-Vpro)
V1.24
already available
Yes
LIFEBOOK E734/E744/E754(Vpro)
V1.33
already available
Yes
LIFEBOOK E736/E746/E756(Non-Vpro)
V1.32
already available
Yes
LIFEBOOK E736/E746/E756(Vpro)
V1.24
already available
Yes
LIFEBOOK E743
V1.12
already available
Yes
LIFEBOOK E752 Win 8 (Vpro)
V2.17
already available
Yes
LIFEBOOK E752  Win 8 ( Non-Vpro )
V2.14
already available
Yes
LIFEBOOK E752 Win 7 ( Vpro )
V1.19
already available
Yes
LIFEBOOK E752 Win 7 ( Non-Vpro )
V1.17
already available
Yes
LIFEBOOK E753  ( Vpro )
V1.12
already available
YES
LIFEBOOK LH532
TBD
TBD
Yes
LIFEBOOK LH532
Discrete Graphics model
TBD
TBD
Yes
LIFEBOOK LH772 ( Win 8 )
V2.06
already available
Yes
LIFEBOOK LH772  ( Win 7 )
V1.08
already available
Yes
LIFEBOOK P702/PH702 Win8 NON-Vpro )
V2.11
already available
Yes
LIFEBOOK P702 / PH702 Win8 ( Vpro )
V2.14
already available
Yes
LIFEBOOK P702/PH702 Win7 NON-Vpro )
V1.19
already available
Yes
LIFEBOOK P702 / PH702 Win 7( Vpro )
V1.15
already available
Yes
LIFEBOOK P727
V1.14
already available
Yes
LIFEBOOK P728
V1.07
already available
Yes
LIFEBOOK P772  ( Vpro)
V1.15
already available
Yes
LIFEBOOK S762/S792(Non-Vpro)
V1.14
already available
Yes
LIFEBOOK S762/S792(Vpro)
V1.15
already available
Yes
LIFEBOOK S762/S792(Non-Vpro) Win8
V2.13
already available
Yes
LIFEBOOK S762/S792(Vpro) Win8
V2.15
already available
Yes
LIFEBOOK S762/S792/SH762/SH792
Discrete Graphics model
V2.13
already available
Yes
LIFEBOOK S762/S792/SH762/SH792
Discrete Graphics model Win8
V1.11
already available
Yes
LIFEBOOK S782/S752
V2.17
already available
Yes
LIFEBOOK S904
V1.26
already available
Yes
LIFEBOOK S935
V1.18
already available
Yes
LIFEBOOK S936
V1.20
already available
Yes
LIFEBOOK S937
V1.09
already available
Yes
LIFEBOOK S938
V1.08
already available
Yes
LIFEBOOK SH572/SH772
V1.12
already available
Yes
LIFEBOOK SH782
v1.12
already available
Yes
LIFEBOOK T725
V1.20
already available
Yes
LIFEBOOK T726
V1.17
already available
Yes
LIFEBOOK T732
V1.12
already available
Yes
LIFEBOOK T734(Non-Vpro)
V1.13
already available
Yes
LIFEBOOK T734(Vpro)
V1.15
already available
Yes
LIFEBOOK T902
V2.14
already available
Yes
LIFEBOOK T904
V1.18
already available
Yes
LIFEBOOK T935
V1.20
already available
Yes
LIFEBOOK T936
V1.17
already available
Yes
LIFEBOOK T937
V1.15
already available
Yes
LIFEBOOK T938
V1.05
already available
Yes
LIFEBOOK U536
V1.18
already available
Yes
LIFEBOOK U537
V1.13
already available
Yes
LIFEBOOK U727/U747/U757
V1.21
already available
Yes
LIFEBOOK U727/U747/U757(6th gen.)
V1.08
already available
Yes
LIFEBOOK U728/U748/U758
V1.09
already available
Yes
LIFEBOOK U745
V.1.22
already available
Yes
LIFEBOOK U772  Win7 (Vpro)
V1.12
already available
Yes
LIFEBOOK U772  Win7 (Non-Vpro)
V1.13
already available
Yes
LIFEBOOK U772  Win8 (Vpro)
V2.13
already available
Yes
LIFEBOOK U772  Win 8 (Non-Vpro)
V2.10
already available
Yes
LIFEBOOK U937
V1.12
already available
Yes
LIFEBOOK U938
V1.10
already available
Yes
LIFEBOOK UH554/UH574
V1.32
already available
Yes
LIFEBOOK UH572
V1.10
already available
Yes
LIFEBOOK UH572 Win8
V2.19
already available
Yes
STYLISTIC
Model Name
Updated
BIOS Version
BIOS Release Date
OS update necessity
STYLISTIC Q335
V1.12
already available
Yes
STYLISTIC Q506
V2.34
already available
Yes
STYLISTIC Q507
V2.16
already available
Yes
STYLISTIC Q555
V2.23
already available
Yes
STYLISTIC Q584
V1.33
already available
Yes
STYLISTIC Q616
V1.14
already available
Yes
STYLISTIC Q665
V1.16
already available
Yes
STYLISTIC Q702 ( VPro )
V2.23
already available
Yes
STYLISTIC Q702 ( Non- Vpro )
V2.21
already available
Yes
STYLISTIC Q704 ( Non-Vpro)
V1.34
already available
Yes
STYLISTIC Q704 ( Vpro)
V1.39
already available
Yes
STYLISTIC Q736
V1.17
already available
Yes
STYLISTIC Q737
V1.13
already available
Yes
STYLISTIC Q775
V1.21
already available
Yes
STYLISTIC R726 ( Non-Vpro)
V1.20
already available
Yes
STYLISTIC R726 ( Vpro)
V1.20
already available
Yes
CELSIUS (Mobile)
Model Name
Updated
BIOS Version
BIOS Release Date
OS update necessity
CELSIUS H730
V1.19
already available
Yes
CELSIUS H760
V1.25
already available
Yes
CELSIUS H770
V1.12
already available
Yes
CELSIUS H970
V1.13
already available
Yes

*1: Dates are subject to change
*2: Please apply mentioned version or newer version.

CELSIUS (WorkStation)Please refer to the following site.
http://support.ts.fujitsu.com/content/SideChannelAnalysisMethod.asp
ESPRIMO (Desktop)
FUTRO (Thin-Client)

CVE Reference:

Side-Channel Analysis Method

CVE NumberName
CVE 2017- 5715Spectre, (branch target injection), mitigated by microcode update
CVE 2017- 5753Spectre, (bounds check bypass), mitigated by OS level fix
CVE 2017- 5754Meltdown, (rogue data cache load), mitigated by OS level fix

Technical Details:
Technical details of the exploits are documented online:

Mitigation:

Fujitsu strongly advises all customers to update affected products. Updates are provided through an updated version of the BIOS and the necessary patches for the dedicated operating system.

Update via BIOS:

Step 1:
Determine whether you have an affected system.
Refer to the list of affected Fujitsu systems. This list is updated regularly.
Before proceeding, please check the expected availability of the relevant BIOS update package.

Step 2:
Download and install the BIOS update package.
To install and download the BIOS update package, please go to the Fujitsu support page and follow these steps:

1. Select “Product Type”.
2. Select “Series”.
3. Select “Model”.
4. Select “OS”.
5. Download the latest BIOS update package from the “BIOS” section and install it.

Selected links for operating system patches:

Note:

This is a non-binding communication that is not intended to create, and shall not be construed as creating, a legal obligation or commitment of Fujitsu or its suppliers. All details of this communication have been prepared with care, based on the information available to Fujitsu at the time of publication. However, all details of this communication are subject to error or change, depending on further findings. Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu assumes no liability with respect to the information provided on such websites. Designations may be trademarks and/or copyrights of Fujitsu or the respective companies, the use of which by third parties for their own purposes may infringe the rights of such owners.