Lucene search

F5F5:K41043270

HistorySep 08, 2021 - 12:00 a.m.

K41043270 : Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089

2021-09-0800:00:00

my.f5.com

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

14.9%

JSON

Security Advisory Description

CVE-2021-0086

Observable response discrepancy in floating-point operations for some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVE-2021-0089

Observable response discrepancy in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

Impact

All versions of Virtual Edition (VE) for the BIG-IP and BIG-IQ products are potentially impacted if the processors underlying the VE installations are affected. Microcode updates from Intel are available to address this issue but must be applied at the hardware level, which is outside the scope of the ability of F5 to support or patch.

This hardware issue impacts all the BIG-IP, BIG-IQ, VIPRION, and VELOS platforms using the following Intel Xeon processor families:

Ivy Bridge EP
Sandy Bridge EP
Ivy Bridge
Sandy Bridge
Hanswell E
Broadwell
Skylake-D

The following BIG-IP, BIG-IQ, VIPRION, and VELOS platforms are vulnerable:

A112 VIPRION Blade 2250
A114 VIPRION Blade 4450
A118 VELOS Blade BX110
C109 BIG-IP 5000s, 5200v, 5050s, 5250v, 5250v-F
C115 BIG-IP iSeries i4600, i4800
C116 BIG-IP iSeries i10600, i10600-D, i10800, i10800-D
C117 BIG-IP iSeries i850, i2600, i2800
C118 BIG-IP iSeries i7600, i7600-D, i7800, i7800-D
C119 BIG-IP iSeries i5600, i5800
C123 BIG-IP iSeries i11600, i11800
C124 BIG-IP iSeries i11400-DS, i11600-DS, i11800-DS
C125 BIG-IP iSeries i5820-DF
C126 BIG-IP iSeries i7820-DF
D110 BIG-IP 7000s, 7200v, 7200s-SSL, 7200v-FIPS, 7050s, 7250v, 7055s, 7255s
D110 BIG-IQ 7000
D111 BIG-IP 12250v
D112 BIG-IP 10350v, 10150s-N, 10350v-N, 10350v-F
D113 BIG-IP 10000s, 10200v, 10200v-SSL, 10200v-FIPS, 10050s, 10250v, 10055s, 10255v
D116 BIG-IP iSeries i15600, i15800
E102 BIG-IP 11050 NEBS

The following BIG-IP and VIPRION platforms are not vulnerable:

A107 VIPRION Blade 4200
A108 VIPRION Blade 4300
A109 VIPRION Blade 2100
A110 VIPRION Blade 4340
A111 VIPRION Blade 4200N
A113 VIPRION Blade 2150
C102 BIG-IP 1600, 1600 LC
C103 BIG-IP 3600
C106 BIG-IP 3900
C112 BIG-IP 2000s, 2200s
C113 BIG-IP 4000s, 4200v
C114 BIG-IP 800
D104 BIG-IP 6900, 6900s, 6900 FIPS
D106 BIG-IP 8900, 8900 FIPS
D107 BIG-IP 8950, 8950s
E101 BIG-IP 11000, 11000 FIPS
E102 BIG-IP 11050 FIPS
E102 BIG-IP 11050

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq15.1.2
f5 ssl orchestratoreq15.1.9
f5 ssl orchestratoreq16.0.0
f5 ssl orchestratoreq16.0.1
f5 ssl orchestratoreq16.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	15.1.2
f5 ssl orchestrator	eq	15.1.9
f5 ssl orchestrator	eq	16.0.0
f5 ssl orchestrator	eq	16.0.1
f5 ssl orchestrator	eq	16.1.0