This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Advisory - Side-Channel Vulnerability Variants 3a and 4

  • SA No:huawei-sa-20180615-01-cpu
  • Initial Release Date: Jun 15, 2018
  • Last Release Date: Aug 16, 2018

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A (CVE-2018-3640)and 4 (CVE-2018-3639), local attackers may exploit these vulnerabilities to cause information leak on the affected system. (Vulnerability ID: HWPSIRT-2018-05139 and HWPSIRT-2018-05140)

Huawei has released software updates to fix these vulnerabilities in the following products. 

This advisory will be updated as additional information becomes available, Please stay tuned. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en.

Product Name

Affected Version

Resolved Product and Version

1288H V5/ 2288H V5

Versions earlier than V100R005C00SPC117 (BIOS V081)

V100R005C00SPC117 (BIOS V081)

2488 V5

Versions earlier than V100R005C00SPC500 (BIOS V095)

V100R005C00SPC500 (BIOS V095)

2488H V5

Versions earlier than V100R005C00SPC203 (BIOS V095)

V100R005C00SPC203 (BIOS V095)

5288 V3/ RH1288 V3/ RH2288 V3/ RH2288H V3/ XH310 V3/ XH321 V3/ XH620 V3/ XH622 V3/ XH628 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

5288 V5
Versions earlier than 
V100R005C00SPC101 (BIOS V081)
V100R005C00SPC101 (BIOS V081)

AR3600

V200R006C10

V200R009C00SPC500

BH622 V2

Versions earlier than V100R002C00SPC308 (BIOS V519)

V100R002C00SPC308 (BIOS V519)

BH640 V2

Versions earlier than V100R002C00SPC306 (BIOS V519)

V100R002C00SPC306 (BIOS V519)

CH121 V3/ CH220 V3/ CH222 V3

Versions earlier than V100R001C00SPC261 (BIOS V399)

V100R001C00SPC261 (BIOS V399)

CH121 V5/ CH121L V5

Versions earlier than V100R001C00SPC131 (BIOS V081)

V100R001C00SPC131 (BIOS V081)

CH121H V3

Versions earlier than V100R001C00SPC121 (BIOS V399)

V100R001C00SPC121 (BIOS V399)

CH121L V3/ CH140L V3/ CH225 V3

Versions earlier than V100R001C00SPC161 (BIOS V399)

V100R001C00SPC161 (BIOS V399)

CH140 V3/ CH226 V3

Versions earlier than V100R001C00SPC181 (BIOS V399)

V100R001C00SPC181 (BIOS V399)

CH242 V3

Versions earlier than V100R001C00SPC331 (BIOS V358)

V100R001C00SPC331 (BIOS V358)

CH242 V3 DDR4

Versions earlier than V100R001C00SPC331 (BIOS V817)

V100R001C00SPC331 (BIOS V817)

CH242 V5

Versions earlier than V100R001C00SPC121 (BIOS V095)

V100R001C00SPC121 (BIOS V095)

FusionCompute

V100R006C00

6.3.RC1

V100R006C10

V100R006C10U10

Honor MagicBook (VLT-W50/ VLT-W60)

Versions earlier than BIOS 1.12

BIOS 1.12

HUAWEI MateBook (HZ-W09/ HZ-W19/ HZ-W29)

Versions earlier than BIOS 1.52

BIOS 1.52

HUAWEI MateBook B200/ MateBook D (PL-W09/ PL-W19/ PL-W29)

Versions earlier than BIOS 1.21

BIOS 1.21

HUAWEI MateBook D (MRC-W10/ MRC-W50/ MRC-W60)

Versions earlier than BIOS 1.19

BIOS 1.19

HUAWEI MateBook X Pro (MACH-W19/ MACH-W29)

Versions earlier than BIOS 1.12

BIOS 1.12

ManageOne

3.0.5

6.3.0

3.0.7

3.0.8

3.0.9

RH1288 V2

Versions earlier than V100R002C00SPC615 (BIOS V519)

V100R002C00SPC615 (BIOS V519)

RH1288A V2

Versions earlier than V100R002C00SPC708 (BIOS V519)

V100R002C00SPC708 (BIOS V519)

RH2265 V2/ RH2285 V2/ RH2285H V2

Versions earlier than V100R002C00SPC510 (BIOS V519)

V100R002C00SPC510 (BIOS V519)

RH2288 V2/ RH2268 V2

Versions earlier than V100R002C00SPC609 (BIOS V519)

V100R002C00SPC609 (BIOS V519)

RH2288A V2

Versions earlier than V100R002C00SPC708 (BIOS V519)

V100R002C00SPC708 (BIOS V519)

RH2288E V2

Versions earlier than V100R002C00SPC302 (BIOS V519)

V100R002C00SPC302 (BIOS V519)

RH2288H V2

Versions earlier than V100R002C00SPC619 (BIOS V519)

V100R002C00SPC619 (BIOS V519)

RH2485 V2

Versions earlier than V100R002C00SPC712 (BIOS V519)

V100R002C00SPC712 (BIOS V519)

RH5885 V2 4S

Versions earlier than V100R001C02SPC306 (BIOS V038)

V100R001C02SPC306 (BIOS V038)

RH5885 V2 8S

Versions earlier than V100R001C02SPC306 (BIOS V062)

V100R001C02SPC306 (BIOS V062)

RH5885 V3 (E7V2)

Versions earlier than V100R003C01SPC127 (BIOS V358)

V100R003C01SPC127 (BIOS V358)

RH5885 V3 (E7V3&E7V4)

Versions earlier than V100R003C10SPC121 (BIOS V817)

V100R003C10SPC121 (BIOS V817)

RH5885H V3 (E7V2)

Versions earlier than V100R003C00SPC218 (BIOS V358)

V100R003C00SPC218 (BIOS V358)

RH5885H V3 (E7V3)

Versions earlier than V100R003C00SPC218 (BIOS V660)

V100R003C00SPC218 (BIOS V660)

RH5885H V3 (E7V4)

Versions earlier than V100R003C10SPC120 (BIOS V817)

V100R003C10SPC120 (BIOS V817)

RH8100 V3 (E7V2&E7V3)

Versions earlier than V100R003C00SPC229 (BIOS V698)

V100R003C00SPC229 (BIOS V698)

RH8100 V3 (E7V4)

Versions earlier than V100R003C00SPC229 (BIOS V817)

V100R003C00SPC229 (BIOS V817)

SMC2.0

V100R003C10

Upgrade to V600R006C10SPC700

V500R002C00

Local attackers may exploit these vulnerabilities to cause information leak on the affected system.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 4.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Temporal Score: 4.0 (E:F/RL:O/RC:C)


This vulnerability can be exploited only when the following conditions are present:

An attacker must be able to run crafted or script code on an affected device.

Vulnerability details:

In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel.


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

These vulnerabilities were publicly disclosed.

2018-08-16 V1.8 UPDATED Updated the affected version and fix version information
2018-08-07 V1.7 UPDATED Updated the affected version and fix version information
2018-07-20 V1.6 UPDATED Updated the affected version and fix version information
2018-07-17 V1.5 UPDATED Updated the affected version and fix version information
2018-07-05 V1.4 UPDATED Updated the affected version and fix version information
2018-07-04 V1.3 UPDATED Updated the affected version and fix version information
2018-07-03 V1.2 UPDATED Updated the affected version and fix version information
2018-06-26 V1.1 UPDATED Updated the affected version and fix version information
2018-06-15 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.