- 3,714,736 Users
- 2,242,615 Discussions
- 7,845,036 Comments
Forum Stats
Discussions
Categories
- Industry Applications
- 3.2K Intelligent Advisor
- Insurance
- 1K On-Premises Infrastructure
- 362 Analytics Software
- 32 Application Development Software
- 1.7K Cloud Platform
- 700.5K Database Software
- 17.4K Enterprise Manager
- 7 Hardware
- 166 Infrastructure Software
- 89 Integration
- 52 Security Software
About x86 firmware patches (January's Critical Patch) and CVE-2017-5715

Hi everyone,
January's Critical Patch Update (link below) includes the following note regarding the X86 servers and vulnerability CVE-2017-5715
"Note 1: These firmware patches include Intel microcode that enable OS and VM level mitigations for CVE-2017-5715. Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software. Oracle OS and Oracle VM patches for CVE-2017-5715 include updated Intel microcode."
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
When they say "Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software", Do they refer to the patches (firmware) they are releasing for these servers with the January's Patch Update or they are referring to other firmware patches for intel microcode?
Regarding this statement "Oracle OS and Oracle VM patches for CVE-2017-5715 include updated Intel microcode". If we install these OS or VM patches we should still install the firmware patches released with January's Critical Patch right?
Thanks in advance.
Al
Answers
-
Its one year old query - not sure if it still stands validity.
CVE-2018-3640 (Spectre v3a), CVE-2018-3639 (Spectre v4) Vulnerabilities : Intel Processor Microcode Availability (Doc ID 2406316.1)