About the EEB
- This EEB is for all Access Appliance customers.
- This EEB is applicable to the Access Appliance software version 7.3.2.
- This EEB fixes the Variant #2 vulnerability for Intel BIOS.
- In an Access cluster, install the EEB successively on each of the nodes in the cluster.
This package contains the VRTSaccess-app-EEB-ET3948432-7.3.2.0-1.x86_64 EBB.
Background
CVE-2017-5715 (Spectre variant 2) is an indirect branching poisoning attack that can lead to data leakage. This attack allows a virtual guest to read memory from the host system. This issue is corrected with updated microcode from Intel, along with kernel and virtualization updates to the guest and host virtualization software from Veritas. Both of these updates are required to resolve this vulnerability. Variant #2 behavior is controlled by the ibrs and ibpb tunables (noibrs/ibrs_enabled and noibpb/ibpb_enabled), which work in conjunction with the microcode.
Solution design for the issues
This EEB resolves the Spectre variant 2 vulnerability. The relative Etrack cases are ET3948339 and ET3948432.
To resolve these issues, this EEB provides an updated BIOS patch package from Intel for Access 3340 Appliance version 7.3.2.
After the BIOS is completely updated, the appliance powers off during the reboot operation. You need to manually power the appliance on.
Steps to Install the EEB on Access 3340 Appliance 7.3.2
This EEB applies only to Access Appliance 7.3.2. With this upgrade, the BIOS version is update to SE5C620.86B.00.01.0013.030920180427. If the current BIOS version of the machine is the same or is later than this version, the upgrade cannot proceed.
Note: You need to install this EEB on each node of the Access 3340 Appliance.
We strongly recommend that you reboot the machine after the EEB is installed.
Note: Power on the machine manually if it does not reboot after shutdown.
To install the EEB, complete the following steps:
- Prepare the EEB on your local machine.
- Use the
scpcommand or other tools to copy the EEB to the Access Appliance directory:
/inst/patch/incoming
For example:scp VRTSaccess-app-EEB-ET3948432-7.3.2.0-1.x86_64.rpm admin@xxx.xxx.xxx.xxx:/inst/patch/incoming/
Password:P@ssw0rd - In the Access Appliance Shell Menu, navigate to the
Manage > Softwareview. - Run the following command from the
Manage > Softwareview:
List Downloaded
The EEB appears in the list. - Run the following command to install the latest version of the EEB:
Install VRTSaccess-app-EEB-ET3948432-7.3.2.0-1.x86_64.rpm - At the end of the installation, you are prompted to reboot the machine immediately. We strongly recommend that you select “yes”.
- After the machine powers off, power it on manually or via IPMI.
- Install the EEB on the other node.
The following shows an example of the output:
EEB Rollback
Note: You need to install this EEB on each node of the Access 3340 Appliance.
-
In the Access Appliance Shell Menu, navigate to the
Manage > Softwareview. -
Run the following command from the
Manage > Softwareview:
List EEBs
The EEBs those are installed on the appliance are listed. -
Run the following command to rollback VRTSaccess-app-EEB-ET3948432-7.3.2.0-1.x86_64.rpm:
Rollback VRTSaccess-app-EEB-ET3948432-7.3.2.0-1.x86_64.rpmNote: This EEB updates the Intel BIOS. Once it is installed, though the EEB can be uninstalled/rollback. The BIOS will not rollback actually.
Troubleshooting
- Save the files located under the
/log/app_vxul/V409-*and/log/flashupdtEEBoutput.logdirectories. - Take a screenshot of the EEB installation console output.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.