Meltdown and Spectre are critical vulnerabilities existing in several modern CPU: these hardware bugs allow programs to steal data which is currently processed on the computer. Meltdown and Spectre can affect personal computers, mobile devices, server and several cloud services.
Actually, the only way to minimize those security risks is to apply different type of patches at different levels, including operating systems, the hypervisor , the hardware level, …
Dell has released some bulletins about its products and if and how they are affected.
Client
Of course, the entire client family (laptop and desktop) has those issues and can be patched with new BIOS (if available) and at the operating system level. Not all Dell’s laptop and desktop have already a BIOS update, becase some has been retired, and others are not yet available.
For all the thin clients (from the Wyse acquisition) actually there aren’t yet BIOS or new OS version, so you have to wait… but considering the nature of a thin client maybe the risk is minimal.
Server
The servers (and Dell storage) line status for the updates and patches are all document in the enterprise products.
The new PowerEdge 14G series (the first with the brand Dell-EMC) there was already a new BIOS versions, but note that 1.2.71 version has been retired. The new AMD servers have also specific patches.
| Generation | Models | BIOS version |
| 14G | R740, R740XD, R640 | 1.2.71 |
| R540, R440, T440 | 1.2.71 | |
| T640 | 1.2.71 | |
| C6420 | 1.2.71 | |
| FC640, M640, M640P | 1.2.71 | |
| C4140 | 1.0.2 | |
| R940 | 1.2.81 | |
| R6415, R7415, R7425 | 1.0.9 |
For the 13G series the new BIOS has been released on January 12th, but note that in some cases there where the same BIOS version (like for the 2.7.0) released some days ago and then retired and then replaced by a new one with the SAME version (and also SAME size). On early February those BIOS are simply not available.
| Generation | Models | BIOS version |
| 13G | R830 | 1.7.0 *** |
| T130, R230, T330, R330 | 2.4.1 | |
| R930 | 2.5.0 *** | |
| R730, R730XD, R630 | 2.7.0 *** | |
| C4130 | 2.7.0 *** | |
| M630, M630P, FC630 | 2.7.0 *** | |
| FC430 | 2.7.0 *** | |
| M830, M830P, FC830 | 2.7.0 *** | |
| T630 | 2.7.0 *** | |
| R530, R430, T430 | 2.7.0 *** | |
| C6320, XC6320 | 2.7.0 *** | |
| T30 | 1.0.12 |
*** Intel has communicated a potential issue with the microcode included in these BIOS updates for Intel Xeon Haswell and Broadwell processors listed below. This issue is currently under investigation by Intel and we will provide further updates as available (for VMware this is related to the KB 52345). See Intel’s statement for more details.
- Intel® Xeon® Processor E3-1200 v4 Product Family
- Intel® Xeon® Processor E5v4 Product Family
- Intel® Xeon® Processor E7v3 Product Family
- Intel® Xeon® Processor E5v3 Product Family
- Intel® Xeon® Processor E3-1200 v3 Product Family
For the 12G series, the new BIOS are expected on February 2018 (actually they are still missing). For the 11G there is no information available yet. The previous generations are simply not supported anymore.
On Feb, 11th 2018 the new BIOS version are not available or have been retired… Intel will be providing new microcode updates to Dell and we will be releasing BIOS updates as they are available… but still no news.
Then you have to patch your hypervisor (for VMware see this post) and your operating systems (for Microsoft see this post).
|
Component
|
Assessment
|
|
iDRAC: 14G, 13G, 12G, 11G
|
Not impacted.
iDRAC is a closed system that does not allow external 3rd party code to be executed. |
|
Chassis Management Controller (CMC): 14G, 13G, 12G, 11G
|
Not impacted.
CMC is a closed system that does not allow external 3rd party code to be executed. |
Storage
For Dell storage family, Dell just notifies that those products do not require (yet) any patches or fixes for those vulnerabilities:
- EqualLogic PS Series is not affected, because the CPU used in this product does not implement speculative execution, therefore the vulnerabilities do not apply to this hardware.
- Dell EMC SC Series (Compellent) is affected (bacause based on Xeon CPU), but Dell guaratee that the access to the platform OS to load external code is restricted; for this reason malicious code cannot be run.
- Dell Storage FluidFS Series (includes: FS8600, FS7600, FS7610, FS7500, NX3600, NX3610, NX3500)
- Dell Storage MD3 Series
- Dell Storage Windows NAS Appliances (NX3330, NX3230, NX430)
- Dell PowerVault Tape Drives & Libraries
- Dell Storage Manager Virtual Appliance (DSM VA – Compellent)
- Dell Storage Integration tools for VMWare (Compellent)
- Dell EqualLogic Virtual Storage Manager (VSM – EqualLogic)
For other Dell-EMC storage, there is a specific KB article: https://support.emc.com/kb/516117
For all the storage maybe it’s still to early to know if the storage need to be patched.
Related Posts
Andrea Mauro
Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-24. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-23. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.
