NEC Storage Products:
Processor Vulnerability (Side-channel Attack) Information

Thank you for your continued patronage for NEC Storage products.

New vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) have been recently found in processors supporting speculative execution and out-of-order execution features. Previously, this page addressed processors targeted with similar feature functions (referenced below).

January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
May 2018 (CVE-2018-3639, CVE-2018-3640)

NEC Storage products are not affected by those three new vulnerabilities and the five existing ones. In order to exploit the vulnerabilities, it is necessary to execute the malicious code on the targeted system(s) but NEC Storage products do not allow the execution of external code. As a result, these products are protected from exploitation of the security vulnerabilities.

Information on the Vulnerability

Vulnerabilities Reported in August 2018 (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)

Relevant information:

CERT/CC Vulnerability Note VU# 982149
  Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
https://www.kb.cert.org/vuls/id/982149

Press release published by Intel Corporation
     (Aug. 14, 2018: Protecting Our Customers through the Lifecycle of Security Threats)

Vulnerabilities reported in May 2018 (CVE-2018-3639, CVE-2018-3640)

Relevant information: 

CERT/CC Vulnerability Note VU# 180049
  CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
https://www.kb.cert.org/vuls/id/180049

Press release published by Intel Corporation
     (May 21, 2018: Addressing New Research for Side-Channel Analysis)

Vulnerabilities reported in January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

Confirmed Products of NEC Storage