For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com

CVSS 3.0 Base Metrics

Reference       Base Vector                                     Base Score
CVE-2017-5715   CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N    5.6
CVE-2017-5753   CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N    5.6
CVE-2017-5754   CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N    5.6

Google Project Zero and other researchers discovered the initial three vulnerabilities. The researchers grouped the three variants under two code names, Spectre (Variants 1 and 2) and Meltdown (Variant 3), as shown in the table below. Additional side-channel vulnerabilities are listed for reference; each is addressed either in this bulletin or in a separate bulletin.

Vulnerability   Code name      Description                                          Patched through
Variant 1       Spectre        Bounds check bypass (CVE-2017-5753)                  Requires OS update
Variant 2       Spectre        Branch target injection (CVE-2017-5715)              Requires OS update; MCU update (BIOS)
Variant 3       Meltdown       Rogue data cache load (CVE-2017-5754)                Requires OS update
Variant 4       SSB            Speculative Store Bypass (CVE-2018-3639)             HPSBHF03584 - Derivative Side-Channel Analysis Method
Meltdown        Meltdown-PK    Protection key bypass                                Requires OS update
Meltdown        Meltdown-BR    Bounds check bypass                                  Requires OS update
Variant 1       Spectre-PHT    Bounds check bypass - pattern history table          Requires OS update
Variant 1.1     Spectre-PHT    Bounds check bypass - pattern history table          Requires OS update
Variant 2       Spectre-BTB    Branch target injection                              Requires OS update; MCU update (BIOS)
Variant 4       Spectre-STL    Speculative Store Bypass                             HPSBHF03584 - Derivative Side-Channel Analysis Method
Net2spec        Spectre-RSB    Return stack buffer                                  Requires OS update
Variant 1       SplitSpectre   Similar to Spectre variant 1 with attacker gadget    Requires OS update

Note: Variants 1 and 2 may require additional application software and/or driver updates. Variant 3 may require third-party driver updates.
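The table says which rows need only an OS update and which (Variant 2) also need the microcode update delivered through BIOS, but it does not tell you whether a given host has both. The script below is an added example and not HP's code; it assumes a Linux host whose kernel exposes /sys/devices/system/cpu/vulnerabilities/ (4.15 or later; the spec_store_bypass file from 4.17) and reads each variant's status line. For Variant 2 it additionally checks whether the kernel names any microcode-provided control (IBPB, IBRS, STIBP) in the spectre_v2 line; a "Mitigation:" line without any of them means the OS update is present but the microcode update is not. The sample sysfs contents are constructed, not captured from an HP system, and the rows without a sysfs file (Meltdown-PK, Meltdown-BR, Spectre-RSB) are not checked.

```python
"""Report which Spectre/Meltdown variants a Linux host says are mitigated.

Added example, not HP's code. Assumes a Linux kernel (4.15 or later; 4.17 for
spec_store_bypass) exposing /sys/devices/system/cpu/vulnerabilities/.
"""
from pathlib import Path

SYSFS_ROOT = "/sys/devices/system/cpu/vulnerabilities"

# Bulletin rows that have a matching sysfs file. Meltdown-PK, Meltdown-BR and
# Spectre-RSB have no file of their own and are not checked here.
VARIANTS = {
    "spectre_v1": "Variant 1 / Spectre-PHT, bounds check bypass (CVE-2017-5753)",
    "spectre_v2": "Variant 2 / Spectre-BTB, branch target injection (CVE-2017-5715)",
    "meltdown": "Variant 3 / Meltdown, rogue data cache load (CVE-2017-5754)",
    "spec_store_bypass": "Variant 4 / Spectre-STL, speculative store bypass (CVE-2018-3639)",
}

# Variant 2 is the row that needs a microcode (BIOS) update as well as an OS
# update. The kernel lists the microcode-provided controls in its spectre_v2
# line, so a "Mitigation:" line naming none of them is retpoline-only.
MICROCODE_CONTROLS = ("IBPB", "IBRS", "STIBP")


def classify(line):
    """Map one sysfs status line to (state, detail)."""
    text = line.strip()
    if text.startswith("Not affected"):
        return "not_affected", ""
    if text.startswith("Mitigation:"):
        return "mitigated", text[len("Mitigation:"):].strip()
    if text.startswith("Vulnerable"):
        return "vulnerable", text[len("Vulnerable"):].strip(": ")
    return "unknown", text


def assess(contents):
    """contents: {sysfs file name: text}. Returns {file name: (state, detail)}."""
    report = {}
    for fname in VARIANTS:
        if fname not in contents:
            report[fname] = ("missing", "no sysfs entry; kernel predates this check")
            continue
        state, detail = classify(contents[fname])
        if fname == "spectre_v2" and state == "mitigated":
            if not any(ctl in detail for ctl in MICROCODE_CONTROLS):
                state = "mitigated_os_only"  # OS patched, microcode (BIOS) not
        report[fname] = (state, detail)
    return report


def read_sysfs(root=SYSFS_ROOT):
    """Read the live sysfs files; only works on a Linux host."""
    return {p.name: p.read_text() for p in Path(root).iterdir() if p.is_file()}


# Constructed sample outputs (not captured from any HP system).
SAMPLE_OS_AND_MICROCODE = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling\n",
    "meltdown": "Mitigation: PTI\n",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n",
}
SAMPLE_OS_ONLY = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
    "meltdown": "Mitigation: PTI\n",
    "spec_store_bypass": "Vulnerable\n",
}

if __name__ == "__main__":
    try:
        contents = read_sysfs()
    except OSError:
        contents = SAMPLE_OS_ONLY  # not on Linux or no sysfs: show the sample
    for fname, (state, detail) in assess(contents).items():
        print(f"{VARIANTS[fname]}: {state} {detail}".rstrip())
```

A "mitigated_os_only" result for spectre_v2 is the case the table's "MCU update (BIOS)" column is about: the host still needs the BIOS Softpaq before the Variant 2 row counts as fully patched. The check is a consistency test against what the kernel reports, not a proof that a particular CPU is no longer exploitable.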

HP has been working closely with Intel, AMD, and Microsoft to patch these vulnerabilities. Refer to this Security Bulletin for updates.

In January 2018, Intel provided guidance to stop deployment of the CPU Microcode updates. Intel has since provided new CPU Microcode updates and Intel is recommending that these new updates be deployed (see table below for Softpaqs).

On May 21, 2018, two additional analysis methods were disclosed, similar to the original Spectre and Meltdown vulnerabilities. These were named Variant 3a and Variant 4. HP published a new Security Bulletin, HPSBHF03584 - Derivative Side-Channel Analysis Method, to deliver Softpaq mitigations.

On November 13, 2018 researchers disclosed an additional seven variants of Spectre/Meltdown which are also covered by the original Spectre/Meltdown mitigations listed in the Resolution section.

On December 4, 2018, news media reported on an additional research paper from Northeastern University and IBM describing a simpler attack method for Spectre Variant 1, called "SplitSpectre". This vulnerability is also covered by the original Spectre/Meltdown mitigations listed in the Resolution section.

At HP we take security very seriously - it is a top issue for our customers and the foundation of trust in our products. We are focused on addressing security issues and providing the required updates to protect our customers.