Side-Channel Analysis Method
Fujitsu Limited
November 19, 2021
A team of security researchers revealed new vulnerabilities that take advantage of a CPU acceleration technique called speculative execution. These vulnerabilities use a new side-channel attack method (JVNVU#93823979 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)) and its variant (JVNVU#97971879 (CVE-2018-3639, CVE-2018-3640), CVE-2018-3693).
Below are the procedures to protect PRIMEHPC Servers. For other Fujitsu products, please see the following pages.
- JVNVU#93823979 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
- JVNVU#97971879 (CVE-2018-3639, CVE-2018-3640)
* Speculative execution: a technique for speeding up CPU processing
Speculative execution lets the CPU execute the instructions that follow a branch before it is known whether those instructions need to be executed. The technique is commonly used in many modern CPUs.
Overview
When a malicious program is executed on the attacked server, the vulnerability makes it possible to access data (*1) and registers (*2) held in memory that is normally protected.
- No possibility of data alteration
- Memory data cannot be read by remote access from an external network (the Internet, etc.) alone, because an attacker must execute a malicious program on the target device to exploit this vulnerability.
(*1) OS kernel memory, memory of each process and memory of each virtual machine
(*2) CPU internal storage
How to protect PRIMEHPC
The following firmware versions must be applied (as of November 19, 2021).
CVE-ID | Vulnerability | Product | Firmware with necessary updates |
---|---|---|---|
CVE-2017-5715 | Spectre Variant 2 | PRIMEHPC FX700 | HCP2000 or later |
CVE-2017-5715 | Spectre Variant 2 | PRIMEHPC FX1000 | HCP1064 or later |
CVE-2017-5753 | Spectre Variant 1 | PRIMEHPC FX700, PRIMEHPC FX1000 | Firmware update is not needed |
CVE-2017-5754 | Meltdown | PRIMEHPC FX700, PRIMEHPC FX1000 | Firmware update is not needed |
CVE-2018-3639 | Spectre Variant 4 | PRIMEHPC FX700 | HCP2000 or later |
CVE-2018-3639 | Spectre Variant 4 | PRIMEHPC FX1000 | HCP1064 or later |
CVE-2018-3640 | Spectre Variant 3a | PRIMEHPC FX700, PRIMEHPC FX1000 | Firmware update is not needed |
CVE-2018-3693 | Spectre Variant 1.1 | PRIMEHPC FX700, PRIMEHPC FX1000 | Firmware update is not needed |
- How to update PRIMEHPC FX700 HCP firmware
Download the HCP firmware from (*3). For details on the firmware update, see the manual (*4).
(*3) https://www.fujitsu.com/supercomputer/documents/
(*4) FUJITSU Supercomputer PRIMEHPC FX700 Upgrade & Maintenance Manual
- How to update PRIMEHPC FX1000 HCP firmware
Please contact our technical support or sales representative.
Contact
For further information, please contact your authorized service provider.