The H3C Technical Solution Bulletin for Rogue Register Load(Variant 3a) Security Vulnerability (CVE-2018-3640)

 

Background

On May 21. 2018, the vulnerability was disclosed, referred to as Rogue Register Load or Variant 3A (CVE-2018-3640) that allows an attacker to improperly access processor registers. This vulnerability impacts Intel-based products only. Mitigation for this vulnerability requires only a System ROM update that includes a new Intel microcode. The same microcode required for mitigation of Speculative Store Bypass or Variant 4 will also mitigate Rogue Register Load or Variant 3A. The vulnerability numbers is CVE-2018-3640.

Impact

An attack that exploits the vulnerability requires malicious code to run on the system.

H3C Products

H3C R&D team quickly investigated the H3C products after the vulnerabilities were publicly disclosed.

We found below products are in impact scope:

l IMC

l SDN products

l Storage products

l H3C Server products

Solution for H3C Products

For product solutions, please contact H3C Service Hotline: +852 2907 0456 or email: service_hk@h3c.com.