This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Side-Channel Vulnerability Variants 3a and 4

  • SA No:huawei-sa-20180615-01-cpu
  • Initial Release Date: Jun 15, 2018
  • Last Release Date: Jul 30, 2020

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants known as 3A (CVE-2018-3640)and 4 (CVE-2018-3639), local attackers may exploit these vulnerabilities to cause information leak on the affected system. (Vulnerability ID: HWPSIRT-2018-05139 and HWPSIRT-2018-05140)

Huawei has released software updates to fix these vulnerabilities in the following products. 

This advisory will be updated as additional information becomes available, Please stay tuned. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en.

Product Name

Affected Version

Resolved Product and Version

1288H V5

Versions earlier than V100R005C00SPC117 (BIOS V081)

V100R005C00SPC117 (BIOS V081)

2288H V5

Versions earlier than V100R005C00SPC117 (BIOS V081)

V100R005C00SPC117 (BIOS V081)

2488 V5

Versions earlier than V100R005C00SPC500 (BIOS V095)

V100R005C00SPC500 (BIOS V095)

2488H V5

Versions earlier than V100R005C00SPC203 (BIOS V095)

V100R005C00SPC203 (BIOS V095)

5288 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

AR3600

V200R006C10

AR3200 V200R009C00SPC500

BH622 V2

V100R002C00

V100R002C00SPC308

Versions earlier than V100R002C00SPC308 (BIOS V519)

V100R002C00SPC308 (BIOS V519)

BH640 V2

V100R002C00

V100R002C00SPC306

Versions earlier than V100R002C00SPC306 (BIOS V519)

V100R002C00SPC306 (BIOS V519)

CH121

V100R001C00SPC305

CH221 V100R001C00SPC310

CH121 V3

Versions earlier than V100R001C00SPC261 (BIOS V399)

V100R001C00SPC261 (BIOS V399)

CH121 V5

Versions earlier than V100R001C00SPC131 (BIOS V081)

V100R001C00SPC131 (BIOS V081)

CH121H V3

Versions earlier than V100R001C00SPC121 (BIOS V399)

V100R001C00SPC121 (BIOS V399)

CH121L V3

Versions earlier than V100R001C00SPC161 (BIOS V399)

V100R001C00SPC161 (BIOS V399)

CH121L V5

Versions earlier than V100R001C00SPC131 (BIOS V081)

V100R001C00SPC131 (BIOS V081)

CH140

V100R001C00

V100R001C00SPC350

CH140 V3

Versions earlier than V100R001C00SPC181 (BIOS V399)

V100R001C00SPC181 (BIOS V399)

CH140L V3

Versions earlier than V100R001C00SPC161 (BIOS V399)

V100R001C00SPC161 (BIOS V399)

CH220

V100R001C00

V100R001C00SPC310

CH220 V3

Versions earlier than V100R001C00SPC261 (BIOS V399)

V100R001C00SPC261 (BIOS V399)

CH221

V100R001C00

V100R001C00SPC306

CH222

V100R002C00SPC305

V100R002C00SPC310

CH222 V3

Versions earlier than V100R001C00SPC261 (BIOS V399)

V100R001C00SPC261 (BIOS V399)

CH225 V3

Versions earlier than V100R001C00SPC161 (BIOS V399)

V100R001C00SPC161 (BIOS V399)

CH226 V3

Versions earlier than V100R001C00SPC181 (BIOS V399)

V100R001C00SPC181 (BIOS V399)

CH240

V100R001C00

V100R001C00SPC310

CH242

V100R001C00

V100R001C00SPC292

CH242 V3

V100R001C00

V100R001C00SPC331

Versions earlier than V100R001C00SPC331 (BIOS V358)

V100R001C00SPC331 (BIOS V358)

CH242 V3 DDR4

Versions earlier than V100R001C00SPC331 (BIOS V817)

V100R001C00SPC331 (BIOS V817)

CH242 V5

Versions earlier than V100R001C00SPC121 (BIOS V095)

V100R001C00SPC121 (BIOS V095)

FusionCompute

V100R006C00

6.3.RC1

V100R006C10

FusionCube

V100R002C02

FusionCube Tool V100R002C02SPC310

V100R002C30

V100R002C70

FusionSphere OpenStack

V100R005C00

V100R006C30

V100R005C10SPC700

V100R005C10SPC701

V100R006C00

V100R006C10

V1R6C00RC1SPC1B060

HUAWEI MateBook (HZ-W09/ HZ-W19/ HZ-W29)

Versions earlier than BIOS 1.52

1.52

HUAWEI MateBook B200/ MateBook D (PL-W09/ PL-W19/ PL-W29)

Versions earlier than BIOS 1.21

1.21

HUAWEI MateBook D (MRC-W10/ MRC-W50/ MRC-W60)

Versions earlier than BIOS 1.19

1.19

HUAWEI MateBook X Pro (MACH-W19/ MACH-W29)

Versions earlier than BIOS 1.12

1.12

Honor MagicBook (VLT-W50/ VLT-W60)

Versions earlier than BIOS 1.12

1.12

ManageOne

3.0.5

6.3.0

3.0.7

3.0.8

3.0.9

OceanStor 18500

V100R001C30SPC300

RH1288 V3 V100R003C00SPC706

OceanStor 18500 V3

V300R003C00

RH1288 V3 V100R003C00SPC706

V300R006C10SPC100

OceanStor 18500F V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 18800

V100R001C30SPC300

RH1288 V3 V100R003C00SPC706

OceanStor 18800 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 18800F

V100R001C30SPC300

RH1288 V3 V100R003C00SPC706

OceanStor 18800F V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 5300 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 5500 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 5600 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 5800 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor 6800 V3

V300R006C10SPC100

RH1288 V3 V100R003C00SPC706

OceanStor HVS85T

V100R001C00

RH1288 V3 V100R003C00SPC706

OceanStor HVS88T

V100R001C00

RH1288 V3 V100R003C00SPC706

OceanStor ReplicationDirector

V200R001C00

OceanStor BCManager V200R001C00SPC251

RH1288 V2

V100R002C00

V100R002C00SPC615

Versions earlier than V100R002C00SPC615 (BIOS V519)

V100R002C00SPC615 (BIOS V519)

RH1288 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

RH1288A V2

V100R002C00

V100R002C00SPC708

Versions earlier than V100R002C00SPC708 (BIOS V519)

V100R002C00SPC708 (BIOS V519)

RH2265 V2

V100R002C00

RH2285 V2 V100R002C00SPC510

Versions earlier than V100R002C00SPC510 (BIOS V519)

V100R002C00SPC510 (BIOS V519)

RH2268 V2

V100R002C00

RH2288 V2 V100R002C00SPC609

Versions earlier than V100R002C00SPC609 (BIOS V519)

V100R002C00SPC609 (BIOS V519)

RH2285 V2

V100R002C00

V100R002C00SPC510

Versions earlier than V100R002C00SPC510 (BIOS V519)

V100R002C00SPC510 (BIOS V519)

RH2285H V2

V100R002C00

V100R002C00SPC510

Versions earlier than V100R002C00SPC510 (BIOS V519)

V100R002C00SPC510 (BIOS V519)

RH2288 V2

V100R002C00

V100R002C00SPC609

Versions earlier than V100R002C00SPC609 (BIOS V519)

V100R002C00SPC609 (BIOS V519)

RH2288 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

RH2288A V2

V100R002C00

V100R002C00SPC708

Versions earlier than V100R002C00SPC708 (BIOS V519)

V100R002C00SPC708 (BIOS V519)

RH2288E V2

V100R002C00

V100R002C00SPC302

Versions earlier than V100R002C00SPC302 (BIOS V519)

V100R002C00SPC302 (BIOS V519)

RH2288H V2

V100R002C00

V100R002C00SPC619

Versions earlier than V100R002C00SPC619 (BIOS V519)

V100R002C00SPC619 (BIOS V519)

RH2288H V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

RH2485 V2

V100R002C00

V100R002C00SPC712

Versions earlier than V100R002C00SPC712 (BIOS V519)

V100R002C00SPC712 (BIOS V519)

RH5885 V2

V100R001C00

V100R001C02SPC306

RH5885 V2 4S

Versions earlier than V100R001C02SPC306 (BIOS V038)

V100R001C02SPC306 (BIOS V038)

RH5885 V2 8S

Versions earlier than V100R001C02SPC306 (BIOS V062)

V100R001C02SPC306 (BIOS V062)

RH5885 V3

V100R003C00

V100R003C01SPC127

RH5885 V3 (E7V2)

Versions earlier than V100R003C01SPC127 (BIOS V358)

V100R003C01SPC127 (BIOS V358)

RH5885 V3 (E7V3&E7V4)

Versions earlier than V100R003C10SPC121 (BIOS V817)

V100R003C10SPC121 (BIOS V817)

RH5885H V3 (E7V2)

Versions earlier than V100R003C00SPC218 (BIOS V358)

V100R003C00SPC218 (BIOS V358)

RH5885H V3 (E7V3)

Versions earlier than V100R003C00SPC218 (BIOS V660)

V100R003C00SPC218 (BIOS V660)

RH5885H V3 (E7V4)

Versions earlier than V100R003C10SPC120 (BIOS V817)

V100R003C10SPC120 (BIOS V817)

RH8100 V3 (E7V2&E7V3)

Versions earlier than V100R003C00SPC229 (BIOS V698)

V100R003C00SPC229 (BIOS V698)

RH8100 V3 (E7V4)

Versions earlier than V100R003C00SPC229 (BIOS V817)

V100R003C00SPC229 (BIOS V817)

RSE6500

V500R002C00

V500R002C00SPCe00

SMC2.0

V100R003C10

V600R006C10SPC700

V500R002C00

TaiShan200 2180K[1]

Versions earlier than TS200-2180K 1.1.0.SPC133(BIOS V135K)

TS200-2180K 1.1.0.SPC133(BIOS V135K)

TaiShan200 2280[1]

Versions earlier than TS200-2280 1.0.0.SPC133(BIOS V135)

TS200-2280 1.0.0.SPC133(BIOS V135)

TaiShan200 2280K[1]

Versions earlier than TS200-2280K 1.1.0.SPC133(BIOS V135K)

TS200-2280K 1.1.0.SPC133(BIOS V135K)

TaiShan200 5280[1]

Versions earlier than TS200-5280 1.2.0.SPC133(BIOS V135)

TS200-5280 1.2.0.SPC133(BIOS V135)

VP9630

V600R006C10

VP9660 V600R019C00

VP9660

V600R006C10

V600R019C00

XH310 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

XH321 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

XH620 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

XH622 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

XH628 V3

Versions earlier than V100R003C00SPC706 (BIOS V399)

V100R003C00SPC706 (BIOS V399)

iManager NetEco

V600R007C00

iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260

V600R007C10

V600R007C11

V600R007C12

V600R007C20

V600R007C40

V600R008C00

V600R008C10

V600R008C20

V600R008C30

iManager NetEco 6000

V600R007C40

iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260

V600R007C60

V600R007C80

V600R007C90

V600R008C00


[1] Affected by CVE-2018-3639,not affected by CVE-2018-3640.



Local attackers may exploit these vulnerabilities to cause information leak on the affected system.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 4.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Temporal Score: 4.0 (E:F/RL:O/RC:C)


This vulnerability can be exploited only when the following conditions are present:

An attacker must be able to run crafted or script code on an affected device.

Vulnerability details:

In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel.


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

These vulnerabilities were publicly disclosed.

2020-07-30 V2.3 UPDATED Updated the "Software Versions and Fixes" section;
2020-07-22 V2.2 UPDATED Updated the "Software Versions and Fixes" section;

2020-07-22 V2.1 UPDATED Updated the "Software Versions and Fixes" section;

2020-04-08 V2.0 UPDATED Updated the "Software Versions and Fixes" section;

2019-09-10 V1.9 UPDATED Updated the "Software Versions and Fixes" section;

2019-03-05 V1.8 UPDATED Updated the "Software Versions and Fixes" section;

2018-08-08 V1.7 UPDATED Updated the "Software Versions and Fixes" section;

2018-07-20 V1.6 UPDATED Updated the "Software Versions and Fixes" section;

2018-07-17 V1.5 UPDATED Updated the "Software Versions and Fixes" section;

2018-07-05 V1.4 UPDATED Updated the "Software Versions and Fixes" section;

2018-07-04 V1.3 UPDATED Updated the "Software Versions and Fixes" section;

2018-07-04 V1.2 UPDATED Updated the "Software Versions and Fixes" section;

2018-06-26 V1.1 UPDATED Updated the "Software Versions and Fixes" section;

2018-06-15 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.