What has Intel done regarding the Intel Security Advisory for Software/Side-Channel Analysis, Kernel Memory Leak?
We have a validated firmware fix and OS patches documented below for server systems equipped with Intel® Visual Compute Accelerators (Intel® VCA) VCA1283LVV or VCA1585LMV.
Intel recommends that you install updated firmware and the following operating system updates on both the server system and on Intel VCA cards:
- For host system’s firmware, contact your server system vendor.
- For Intel® Server Boards and Intel® Server Systems validated for usage with Intel Visual Compute Accelerators:
Impacted Server Product Family BIOS Version Required for Fix Intel® Server Board S2600WF Boards and Systems 00.01.0013 (SUP)
Intel® Server Board S2600WT Boards and Systems 1.01.0024 (SUP)
- You must install CentOS* version 7.4 or Ubuntu* 16.04.3 (Intel VCA Software Version 2.1 only) on the host system in order to conform security requirements against Side-Channel Analysis Method.
- Following Intel VCA BIOS version and OS updates are required for the fix on each of the 3 compute nodes on each Intel VCA card:
Software Version 1.3 Software Version 1.5 Software Version 2.1 Intel® Visual Compute Accelerator (Intel® VCA) VCA1283LVV Patched Intel VCA Software release 1.3 for Intel® Xeon® Processor E3-1283L v4 consisting of BIOS OACGC108, Intel VCA drivers, MSS PV3, CentOS* 7.4 with security kernel patches 3.10.693 Patched Intel VCA Software release 1.5 for Intel Xeon Processor E3-1283L v4 consisting of BIOS OACGC305 Intel VCA drivers, MSS PV3, CentOS 7.4 with security kernel patches 3.10.693 and 4.4.115 Intel VCA Software release 2.1 for Intel Xeon Processor E3-1283L v4 consisting of BIOS OACGC305, Intel VCA drivers, MSS PV3, CentOS 7.4 with security kernel patches 3.10.693 and Ubuntu* 16.04.3 LTS with security kernel patches 4.4.0-112 Intel® Visual Compute Accelerator 2 VCA1585LMV N/A Intel VCA Software release 1.5 for Intel Xeon Processor E3-1585L v5 consisting of BIOS 0ACIE203
MSS PV3 CentOS 7.4 with security kernel patch 3.10.693, and 4.4.115
Intel VCA Software release 2.1 for Intel Xeon Processor E3-1585L v5 consisting of BIOS 0ACIE203
MSS PV3 CentOS 7.4 with security kernel patch 3.10.693, and Ubuntu 16.04.3 with security kernel patches 4.4.0-112 and 4.13.0-32 HWE
For download links for patched software packages, refer to Software Versions 1.3, 1.5, 2.1, or any later version columns in this table.
- For Windows* OS images for Intel VCA compute nodes, the security patches provided by Microsoft are required for the fix.
See the Intel-SA-00088 Security Advisory for more details about the advisory and which products are affected.
See Facts About Side-Channel Analysis for complete information and Frequently Asked Questions.