Cisco Bug: CSCvh68612 - Side Channel Analysis vulnerability - Hyperflex Controller VM software
Aug 13, 2019
- Cisco HyperFlex HX-Series
Known Affected Releases
Symptom: The HyperFlex product is based on a hardware platform that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2017-5715 - Branch Target Injection Side-Channel Information Disclosure Vulnerability (aka Spectre (Variant 2)) CVE-2017-5753 - Bounds Check Bypass Side-Channel Information Disclosure Vulnerability (aka Spectre (Variant 1)) CVE-2017-5754 - Rogue Data Cache Load Side-Channel Information Disclosure Vulnerability (aka Meltdown (Variant 3)) A HyperFlex solution on VMware ESXi Hypervisor consists of four components: 1) ESXi Hypervisor 2) HyperFlex Controller VM 3) HyperFlex hardware platform for hyper-converged and compute only nodes (UCS microcode) 4) Guest VM OS updates Conditions: Exposure is not configuration dependent.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases