Intel Security Advisory (Intel-SA-00088) Against Side-Channel Analysis Vulnerability for Intel® Visual Compute Accelerators VCA1283LVV and VCA1585LMV

Documentation

Troubleshooting

000028163

12/27/2018

What has Intel done regarding the Intel Security Advisory for Software/Side-Channel Analysis, Kernel Memory Leak?

We have a validated firmware fix and OS patches documented below for server systems equipped with Intel® Visual Compute Accelerators (Intel® VCA) VCA1283LVV or VCA1585LMV.

Intel recommends that you install updated firmware and the following operating system updates on both the server system and on Intel VCA cards:

  • For host system’s firmware, contact your server system vendor. ​​
     
  • For Intel® Server Boards and Intel® Server Systems validated for usage with Intel Visual Compute Accelerators:
    Impacted Server Product Family BIOS Version Required for Fix
    Intel® Server Board S2600WF Boards and Systems 00.01.0013 (SUP)
    00.01.0013 (SFUP)
    Intel® Server Board S2600WT Boards and Systems 1.01.0024 (SUP)
    1.01.0024 (FSUP)
  • You must install CentOS* version 7.4 or Ubuntu* 16.04.3 (Intel VCA Software Version 2.1 only) on the host system in order to conform security requirements against Side-Channel Analysis Method.
     
  • Following Intel VCA BIOS version and OS updates are required for the fix on each of the 3 compute nodes on each Intel VCA card:
      Software Version 1.3 Software Version 1.5 Software Version 2.1
    Intel® Visual Compute Accelerator (Intel® VCA) VCA1283LVV Patched Intel VCA Software release 1.3 for Intel® Xeon® Processor E3-1283L v4 consisting of BIOS OACGC108, Intel VCA drivers, MSS PV3, CentOS* 7.4 with security kernel patches 3.10.693 Patched Intel VCA Software release 1.5 for Intel Xeon Processor E3-1283L v4 consisting of BIOS OACGC305 Intel VCA drivers, MSS PV3, CentOS 7.4 with security kernel patches 3.10.693 and 4.4.115 Intel VCA Software release 2.1 for Intel Xeon Processor E3-1283L v4 consisting of BIOS OACGC305, Intel VCA drivers, MSS PV3, CentOS 7.4 with security kernel patches 3.10.693 and Ubuntu* 16.04.3 LTS with security kernel patches 4.4.0-112
    Intel® Visual Compute Accelerator 2 VCA1585LMV N/A Intel VCA Software release 1.5 for Intel Xeon Processor E3-1585L v5 consisting of BIOS 0ACIE203
    MSS PV3 CentOS 7.4 with security kernel patch 3.10.693, and 4.4.115    		 Intel VCA Software release 2.1 for Intel Xeon Processor E3-1585L v5 consisting of BIOS 0ACIE203
    MSS PV3 CentOS 7.4 with security kernel patch 3.10.693, and Ubuntu 16.04.3 with security kernel patches 4.4.0-112 and 4.13.0-32 HWE

    For download links for patched software packages, refer to Software Versions 1.3, 1.5, 2.1, or any later version columns in this table.

  • For Windows* OS images for Intel VCA compute nodes, the security patches provided by Microsoft are required for the fix.
     

See the Intel-SA-00088 Security Advisory for more details about the advisory and which products are affected.

See Facts About Side-Channel Analysis for complete information and Frequently Asked Questions.