Security Notice - Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design

Initial Release Date: 2018-01-04
Last Release Date: 2018-08-06

Security Notice

Huawei noticed that media had released information about the security vulnerabilities in the Intel CPU architecture on January 2, 2018. These vulnerabilities allow attackers to obtain kernel memory data through side-channel attacks. On January 3, 2018, Google project Zero disclosed the detailed information of "Meltdown" and "Spectre". Huawei immediately started analysis and investigation and communicated with related CPU and operating system suppliers.

The customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2018010800 released on January 8, 2018 to detect and defend against this vulnerability exploits initiated from the Internet.

Huawei has delivered Security Advisory (SA) for these vulnerabilities. The link of the SA is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180106-01-cpu-en. The investigation is still ongoing. Huawei PSIRT will keep updating the SN, Please stay tuned.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to get necessary support for product security vulnerabilities. For TAC contact information, please refer to Huawei worldwide website at: http://www.huawei.com/en/psirt/report-vulnerabilities.

Carrier customers can log into Huawei Support website to obtain information about the impact: http://support.huawei.com/carrier/docview!docview?nid=NEWS2100007595&path=PBI1-8132379

Affected Products:

1288H V5	CH220	RH1288 V2
2288H V5	CH220 V3	RH1288 V3
2488 V5	CH221	RH1288A V2
2488H V5	CH222	RH2265 V2
5288 V3	CH222 V3	RH2268 V2
AR100	CH225 V3	RH2285 V2
AR100-S	CH226 V3	RH2285H V2
AR110-S	CH240	RH2288 V2
AR120	CH242 V3	RH2288 V3
AR120-S	DH320 V2	RH2288A V2
AR1220C	DH321 V2	RH2288E V2
AR1500	DH626 V2	RH2288H V2
AR151-S2	DH628 V2	RH2288H V3
AR160 (Exclude AR160F)	eAPP610	RH2485 V2
AR160-S (Exclude AR160F-S)	eSpace 8950	RH5885 V2
AR2204-XGE	eSpace ECS	RH5885 V3
AR3600	eSpace UMS	RH5885H V3
AR500	eSpace USM	RH8100 V3
AR510	EulerOS	RSE6500
AR532	FusionCloud	SMC2.0
AR550C	FusionCompute	SRG1320E
AR550E	FusionCube	SRG550C
BH622 V2	FusionSphere	UC Audio Recorder
BH640 V2	iManager NetEco 6000	VP9630
CH121	Kunlun 9008	VP9660
CH121 V3	Kunlun 9016	XH320 V2
CH121 V5	Kunlun 9032	XH321 V2
CH121H V3	MateBook (HZ-W09/ HZ-W19/ HZ-W29)	XH321 V3
CH121L V3	MateBook B200/ MateBook D (PL-W09/ PL-W19/ PL-W29)	XH620 V3
CH121L V5	MateBook D (MRC-W10/ MRC-W50/ MRC-W60)	XH621 V2
CH140	MateBook E (BL-W09/ BL-W19)	XH622 V3
CH140 V3	MateBook X (WT-W09/ WT-W19)	XH628 V3
CH140L V3	NFVI

Products Confirmed Not Vulnerable:

AC6605	eSpace U1980	OceanStor S5600T
AD9430DN-12-FAT	eSpace U1981	OceanStor S5800T
AD9430DN-24-FAT	FusionAccess	OceanStor S5900
AP2050DN	FusionManager	OceanStor S6800T
AP2050DN-E	iManager U2100	OceanStor S6900
AP2050DN-S	IPC6112-D	OceanStor SNS2120
AP4030TN	IPC6122-D	OceanStor SNS2124
AP4050DN-E	IPC6122-P	OceanStor SNS2224
AP4050DN-HD	IPC6232-IR	OceanStor SNS2248
AP430-E	IPC6611-Z30-I	OceanStor SNS2624
AP5030DN-C	IPC6621-Z30-I	OceanStor SNS3096
AP6010DN-AGN	IPE	OceanStor SNS3664
AP6050DN	MicroDC	OceanStor SNS5120
AP6150DN	NetCOL	OceanStor SNS5192
AP7050DE	NetEngine16EX	OceanStor SNS5384
AP7050DN-E	NIP5000I	OceanStor SNS5604
AP8130DN-W	OceanStor 18500	OceanStor SNS5608
AP9131DN	OceanStor 18500 V5	OceanStor Toolkit
AR1200	OceanStor 18500F V3	OceanStor UltraPath
AR1200-S	OceanStor 18500F V5	OceanStor VIS6300
AR150	OceanStor 18800	OceanStor VIS6600
AR150-S	OceanStor 18800 V3	OceanStor VIS6600T
AR160F	OceanStor 18800 V5	OceanStor VTL Solution
AR160F-S	OceanStor 18800F	OceanStor VTL6900
AR200	OceanStor 18800F V3	OptiX RTN 620
AR200-S	OceanStor 18800F V5	R250D-E
AR2200	OceanStor 2200 V3	RP200
AR2200-S	OceanStor 2600 V3	S12700
AR2500	OceanStor 2600F V3	S5700
AR28-11	OceanStor 2800 V3	S7700
AR29-21	OceanStor 2800 V5	S9700
AR3200	OceanStor 5100 V3	Seco VSM
AR3200-S	OceanStor 5300 V3	Secospace AntiDDoS1500-D
AR46-40	OceanStor 5300 V5	Secospace AntiDDoS1520
AR46-80	OceanStor 5300F V5	Secospace AntiDDoS1550
AR49-45	OceanStor 5500 V3	Secospace AntiDDoS8000
AR530	OceanStor 5500 V5	Secospace AntiDDoS8030
AR550	OceanStor 5500F V3	Secospace AntiDDoS8080
AR-DCP	OceanStor 5500F V5	Secospace AntiDDoS8160
ASG2050	OceanStor 5600 V3	Secospace USG6600
ASG2100	OceanStor 5600 V5	SeMG9811
ASG2150	OceanStor 5600F V3	SMSC
ASG2200	OceanStor 5600F V5	SMSGW
ASG2600	OceanStor 5800 V3	SoftCo
ASG2800	OceanStor 5800 V5	SRG2300
CloudEngine 12800	OceanStor 5800F V3	SRG3300
CloudEngine 5800	OceanStor 5800F V5	TE Desktop
CloudEngine 6800	OceanStor 6800 V3	TE Mobile
CSB	OceanStor 6800 V5	TE30
DP300	OceanStor 6800F V3	TE30-V
DSM	OceanStor 6800F V5	TE40
E6000	OceanStor 6900 V3	TE50
E6000 Chassis	OceanStor 9000	TE60
EG860-D61	OceanStor 9000S	TP3106
ES3000	OceanStor Backup Software	UAP3300
eSpace 7800 Series	OceanStor BCManager	UMA
eSpace 7910	OceanStor DJ	UPS2000
eSpace 7950	OceanStor Dorado2100 G2	USG9500
eSpace IAD	OceanStor Dorado5000 V3	USG9520
eSpace Mobile	OceanStor Dorado5100	USG9560
eSpace NVR6008	OceanStor Dorado6000 V3	USG9580
eSpace NVR6008-1U	OceanStor HDP3500E	VC Integration Module
eSpace NVR6016	OceanStor N8500	ViewPoint 8660
eSpace NVR6032	OceanStor Onebox	ViewPoint GK
eSpace POM	OceanStor ReplicationDirector	ViewPoint MM
eSpace SBC	OceanStor S2200T	ViewPoint RM
eSpace U1910	OceanStor S2600T	VPC620
eSpace U1911	OceanStor S2900	VPC800
eSpace U1930	OceanStor S3900	X6000
eSpace U1960	OceanStor S5500T	X8000

Revision History

2018-08-06 V2.2 Updated Update the list of the affected and not affected products
2018-04-09 V2.1 Updated Update the list of the affected and not affected products
2018-02-27 V2.0 Updated Update the security notice description information
2018-02-24 V1.9 Updated Update the list of the affected and not affected products
2018-02-11 V1.8 Updated Update the list of the affected and not affected products
2018-01-26 V1.7 Updated Update the list of the affected and not affected products
2018-01-25 V1.6 Updated Update the list of the not affected products
2018-01-18 V1.5 Updated Added the list of the affected products
2018-01-12 V1.4 Updated Added the list of the affected products
2018-01-11 V1.3 Updated Added the list of the affected products
2018-01-09 V1.2 Updated Added the list of the affected products
2018-01-06 V1.1 Updated Added the list of the affected products and SA link
2018-01-04 V1.0 INITIAL

Huawei Security Procedures

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

Reference links

Intel: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

ARM：https://developer.arm.com/support/security-update

Microsoft：https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Red Hat：https://access.redhat.com/security/vulnerabilities/speculativeexecution

SUSE: https://www.suse.com/support/kb/doc/?id=7022512