THE POSSIBILITIES ARE INFINITE

  1. Home > Support > Mobile

Side-Channel Analysis Method (Spectre & Meltdown) Security Review


Reference: Security vulnerabilities (CVE 2017- 5715,CVE 2017- 5753,CVE 2017- 5754,SA-00088)

Summary:
Malicious code utilizing a new method of side-channel analysis and running locally on a normally operating platform has the potential to allow the inference of data values from memory. This issue takes advantage of techniques commonly used in many modern processor architectures.

Potential impacts:
Elevation of Privilege / Information Disclosure
The exploits do not have the potential to corrupt, modify or delete data.

For more detailed information please refer to Intel® Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method (Intel-SA-00088)

Affected Fujitsu Products:
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices can be found here:

Model NameUpdate TypeRelease Date1
LIFEBOOK E547BIOSFeb 2018
LIFEBOOK E557BIOSFeb 2018
LIFEBOOK P727BIOSFeb 2018
LIFEBOOK T937BIOSFeb 2018
LIFEBOOK U727BIOSFeb 2018
LIFEBOOK U747BIOSFeb 2018
LIFEBOOK U757BIOSFeb 2018
LIFEBOOK U937BIOSFeb 2018
STYLISTIC Q737BIOSFeb 2018
LIFEBOOK E546BIOSFeb 2018
LIFEBOOK E556BIOSFeb 2018
LIFEBOOK E736BIOSFeb 2018
LIFEBOOK E746BIOSFeb 2018
LIFEBOOK E756BIOSFeb 2018
LIFEBOOK T726BIOSFeb 2018
LIFEBOOK T936BIOSFeb 2018
LIFEBOOK U727 6th GenBIOSFeb 2018
LIFEBOOK U747 6th GenBIOSFeb 2018
LIFEBOOK U757 6th GenBIOSFeb 2018
STYLISTIC Q616BIOSFeb 2018
STYLISTIC Q736BIOSFeb 2018
STYLISTIC R726BIOSTBD
LIFEBOOK T725BIOSTBD
LIFEBOOK T935BIOSTBD
LIFEBOOK U745BIOSTBD
STYLISTIC Q665BIOSTBD
STYLISTIC Q775BIOSTBD
LIFEBOOK AH564BIOSTBD
LIFEBOOK E544BIOSTBD
LIFEBOOK E554BIOSTBD
LIFEBOOK E734BIOSTBD
LIFEBOOK E744BIOSTBD
LIFEBOOK E754BIOSTBD
LIFEBOOK T734BIOSTBD
LIFEBOOK T904BIOSTBD
LIFEBOOK U904BIOSTBD
STYLISTIC Q704BIOSTBD
LIFEBOOK AH532BIOSTBD
LIFEBOOK AH562BIOSTBD
LIFEBOOK E733BIOSTBD
LIFEBOOK E743BIOSTBD
LIFEBOOK E753BIOSTBD
LIFEBOOK E752BIOSTBD
LIFEBOOK LH532BIOSTBD
LIFEBOOK P702BIOSTBD
LIFEBOOK P772BIOSTBD
LIFEBOOK S762BIOSTBD
LIFEBOOK S752BIOSTBD
LIFEBOOK T732BIOSTBD
LIFEBOOK T902BIOSTBD
LIFEBOOK U772BIOSTBD
LIFEBOOK UH572BIOSTBD
STYLISTIC Q702BIOSTBD
STYLISTIC Q507BIOSTBD
STYLISTIC Q335BIOSTBD
STYLISTIC Q555BIOSTBD
STYLISTIC Q584BIOSTBD
STYLISTIC V535BIOSTBD
1. Dates are subject to change

Mitigation:
Referring to the recommendations made by third-party suppliers, Fujitsu strongly advises all customers to update affected products. Updates are provided through an updated version of the BIOS and the necessary patches for the dedicated operating system. Under some circumstances, enabling these updates may affect performance. The actual performance impact will depend on multiple factors, such as the specific CPU generation in your physical host and the system load (used application). Fujitsu recommends that customers assess the performance impact for their system environment and make necessary adjustments.

The security of our products and our customers’ data is number one priority for Fujitsu. We are continuing to work with our partners in the industry to minimize any potential performance impact.

Fujitsu highly recommends customers to ensure that systems are physically secured where possible, and follow good security practices to ensure that only authorized personnel have access to devices.

Recommended steps:

  1. It is necessary to update the BIOS
  2. Consult the list of affected Fujitsu systems for the timing of BIOS availability.
  3. To download the respective updates for your system, please go to the Fujitsu Support page http://support.fujitsupc.com/CS/Portal/support.do?srch=DOWNLOADS and perform the following steps:

Microsoft Windows Advisory
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002