CPU hardware vulnerable to side-channel attacks(CVE-2018-3639, CVE-2018-3640)

Rev. 1.0
August 3, 2018
Fujitsu Limited

The vulnerability Variant 3a and Variant 4 is a derivative of side channel methods previously disclosed in January. Like the other variants, Variant 3a and Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel.

Below are the procedures to protect ETERNUS Storage. For other Fujitsu products, please see CPU hardware vulnerable to side-channel attacks(CVE-2018-3639, CVE-2018-3640).

Impact on ETERNUS Storage

The ETERNUS Storage shown below are not affected by these security issue.

Product		Status	Necessary updates
All-Flash Array	ETERNUS AF series	Not affected	Firmware update is not needed
Hybrid Storage Systems	ETERNUS DX series	Not affected	Firmware update is not needed
Hyperscale Storage Systems	ETERNUS CD10000	Not affected	Firmware update is not needed
Tape systems	ETERNUS LT series	Not affected	Firmware update is not needed
Data Protection Appliance	ETERNUS CS800	Not affected	Firmware update is not needed
Data Protection Appliance	ETERNUS CS8000	Not affected	Firmware update is not needed
Switches	ETERNUS SN200 series	Not affected	Firmware update is not needed
Switches	Brocade series	Not affected	Firmware update is not needed

Details

For more details, please see the following links.

US-CERT:VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
CVE: CVE-2018-3639
CVE: CVE-2018-3640
Q2 2018 Speculative Execution Side Channel Update(Intel Corporation)
ADV180012 | Microsoft Guidance for Speculative Store Bypass(Microsoft Corporation)
ADV180013 | Microsoft Guidance for Rogue System Register Read(Microsoft Corporation)
Analysis and mitigation of speculative store bypass (CVE-2018-3639)(Microsoft Corporation)

Contact

For further information, please contact your authorized service provider.