Product Security Advisory: Meltdown and Spectre vulnerability in Promise VTrak series
Jan 26 2018
Background:
In December 2017 information about two vulnerabilities in modern processors were published. These exploits are often referred to as Meltdown and Spectre.
The Meltdown and Spectre exploits are detailed in the URL below
Meltdown:
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. This may include passwords and sensitive data stored on the system
Spectre:
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices on speculative execution into leaking their secrets.
Promise VTrak:
Promise storage subsystems use an embedded OS with a close system design which does not allow users to add software, thus preventing the injection of malicious code or malware for the Meltdown or Spectra attacks. Nevertheless, Promise will take proactive measure to monitor the progress and recommendations from Intel and other CPU vendors regarding microcode updates.
VTraks not affected:
The Ex10 product line does not use an Intel or AMD x86 processor and is not affected by Spectre and Meltdown.
Contact Promise Technology Support
Need more help? Save time by starting your support request online and a technical support agent will be assigned to your case.
Promise Technology Technical Support >
