Huawei Cloud Services discovered information leak vulnerabilities

Huawei Cloud Services discovered information leak vulnerabilities

2020-12-25 0 By Huawei

discovered information leak in Services and other related products. On December 23, Huawei released a security update to address vulnerabilities in cloud services and other related products. The products on the list should be upgraded as soon as possible.

Intel and security researchers previously disclosed three new processor-side channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). Successful exploitation of these vulnerabilities could allow local attackers to read the memory of other processes under certain conditions. The researchers called these vulnerabilities “Foresight” and “Prediction-NG”. They are also called L1 terminal faults (L1TF) in the industry.

Customers should contact the Huawei Technical Support Center (Huawei TAC) to request an upgrade.

For TAC contact information, please visit Huawei’s global website http://www.huawei.com/en/psirt/report-vulnerabilities.

Click on the source link for more detailed information. Source: Huawei

Vulnerability detail:
CVE-2018-3615, CVE-2018-3620, CVE-2018-36464 Vulnerability level: important

A system with a microprocessor that uses speculative execution and address translation can allow unauthorized disclosure of information in the L1 data cache to an attacker through local user access through terminal page errors and secondary channel analysis.

Product nameAffected versionRepaired version
1288H V5Versions earlier than V100R005C00SPC117 (BIOS V081)V100R005C00SPC117 (BIOS V081)
2288H V5Versions earlier than V100R005C00SPC117 (BIOS V081)V100R005C00SPC117 (BIOS V081)
Agile Controller-CampusV100R001C00V100R003C30SPC100
Agile Controller-CampusV100R002C00V100R003C30SPC100
Agile Controller-CampusV100R002C10V100R003C30SPC100
BH620 V2Versions earlier than V100R002C00SPC302 (BIOS V370)V100R002C00SPC302 (BIOS V370)
BH621 V2Versions earlier than V100R002C00SPC301 (BIOS V370)V100R002C00SPC301 (BIOS V370)
BH622 V2Versions earlier than V100R002C00SPC309 (BIOS V521)V100R002C00SPC309 (BIOS V521)
BH640 V2Versions earlier than V100R002C00SPC307 (BIOS V521)V100R002C00SPC307 (BIOS V521)
CH242 V3Versions earlier than V100R001C00SPC331 (BIOS V358)V100R001C00SPC331 (BIOS V358)
EulerOSV200R007C00V200R007C00SPC200
FusionCubeV100R002C023.01.2001
FusionCubeV100R002C303.01.2001
FusionCubeV100R002C703.01.2001
FusionSphere OpenStackV100R006C00RC3B036V100R006C30SPC100
V100R006C10SPC112UVP KVM 2.5.RC9
GTSOFTX3000V200R002C20V200R002C20SPC600
HUAWEI MateBook X Pro (MACH-W19/ MACH-W29)Versions earlier than BIOS 1.12BIOS 1.12
RH1288 V2Versions earlier than V100R002C00SPC640 (BIOS 520)V100R002C00SPC640 (BIOS 520)
RH1288A V2Versions earlier than V100R002C00SPC710 (BIOS V521)V100R002C00SPC710 (BIOS V521)
RH2265 V2Versions earlier than V100R002C00SPC510 (BIOS V519)V100R002C00SPC510 (BIOS V519)
RH2268 V2Versions earlier than V100R002C00SPC609 (BIOS V519)V100R002C00SPC609 (BIOS V519)
RH2285 V2Versions earlier than V100R002C00SPC511 (BIOS V521)V100R002C00SPC511 (BIOS V521)
RH2285H V2Versions earlier than V100R002C00SPC511 (BIOS V521)V100R002C00SPC511 (BIOS V521)
RH2288 V2Versions earlier than V100R002C00SPC610 (BIOS 520)V100R002C00SPC610 (BIOS 520)
RH2288A V2Versions earlier than V100R002C00SPC710 (BIOS V521)V100R002C00SPC710 (BIOS V521)
RH2288E V2Versions earlier than V100R002C00SPC302 (BIOS V519)V100R002C00SPC302 (BIOS V519)
RH2288H V2Versions earlier than V100R002C00SPC620 (BIOS 520)V100R002C00SPC620 (BIOS 520)
RH2485 V2Versions earlier than V100R002C00SPC713 (BIOS V521)V100R002C00SPC713 (BIOS V521)
SMC2.0V500R002C00V600R006C10SPC800
UC Audio RecorderV100R001C01eSpace Audio Recorder V100R001C01SPC100
UC Audio RecorderV100R001C02eSpace Audio Recorder V100R001C02SPC300
VP9630V600R006C10V600R019C00
VP9660V600R006C10V600R019C00
eLogV200R003C10V200R005C00SPC208
eLogV200R003C20V200R005C00SPC208
eSpace U2980V100R001C01V100R001C10SPC601
eSpace U2980V100R001C02V100R001C10SPC601
eSpace U2980V100R001C10V100R001C10SPC601
eSpace U2980V200R003C00V100R001C10SPC601
eSpace UMSV200R002C00V200R002C00SPC300
iManager NetEcoV600R007C00iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C10iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C11iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C12iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C20iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C30iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C40iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C50iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R007C60iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R008C00iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R008C10iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R008C20iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEcoV600R008C30iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEco 6000V600R007C40iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEco 6000V600R007C60iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEco 6000V600R007C80iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEco 6000V600R007C90iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260
iManager NetEco 6000V600R008C00iManager NetEco 6000-TOOL_Linux_AutoInstall V600R007C00SPC260