Forum Stats

  • 3,727,839 Users
  • 2,245,474 Discussions
  • 7,853,061 Comments

Discussions

About x86 firmware patches (January's Critical Patch) and CVE-2017-5715

User12674443-Oracle
User12674443-Oracle Member Posts: 5
edited January 2019 in Oracle x86 Servers

Hi everyone,

January's Critical Patch Update (link below)  includes the following note regarding the X86 servers and vulnerability CVE-2017-5715

"Note 1: These firmware patches include Intel microcode that enable OS and VM level mitigations for CVE-2017-5715. Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software. Oracle OS and Oracle VM patches for CVE-2017-5715 include updated Intel microcode."

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

When they say "Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software",  Do they refer to the patches (firmware) they are releasing for these servers with the January's Patch Update or they are referring to other firmware patches for intel microcode?

Regarding this statement "Oracle OS and Oracle VM patches for CVE-2017-5715 include updated Intel microcode".  If we install these OS or VM patches we should still install the firmware patches released with January's Critical Patch right?

Thanks in advance.

Al

Answers

  • Sreek-Oracle
    Sreek-Oracle Member Posts: 71 Employee
    edited January 2019

    Its one year old query - not sure if it still stands validity.

    CVE-2018-3640 (Spectre v3a), CVE-2018-3639 (Spectre v4) Vulnerabilities : Intel Processor Microcode Availability (Doc ID 2406316.1)

Sign In or Register to comment.