NetApp, IBM, HPE, Lenovo, Dell EMC weigh in on Spectre, Meltdown

By on
NetApp, IBM, HPE, Lenovo, Dell EMC weigh in on Spectre, Meltdown

NetApp and IBM said there are no issues concerning their systems and the Spectre and Meltdown processor vulnerabilities. Lenovo and HPE have said they have software patches coming soon.

The mixed responses in the storage industry stand in contrast to the security and networking businesses, where top vendors have been in lockstep.

One reason storage vendors have been measured in their responses seems to be tied to how storage software acts as a buffer between data in the memory.

One storage vendor told CRN USA that embedded systems, such as storage servers that do not support local users, or provide a means for arbitrary user code to run on the embedded system, are inherently vulnerable from side-channel analysis attack. 

This is because such attacks require that malicious code to be run locally on a system. Also, the storage vendor source said, many embedded systems do not support different privilege levels.

IBM, in a support blog post, wrote that its POWER-based servers and System z mainframes will have patches available soon. However, IBM wrote, its storage systems are not impacted by the Spectre or Meltdown vulnerabilities.

"The most immediate action clients can take to protect themselves is to prevent execution of unauthorised software on any system that handles sensitive data, including adjacent virtual machines," IBM wrote.

Lenovo, in a statement to CRN USA, wrote, "Lenovo has assessed its storage portfolio for affected CPUs and will release UEFI firmware updates incorporating Intel CPU microcode fixes for affected CPUs as they are available from Intel. Lenovo is also evaluating Operating System updates for incorporation into supported storage products, where appropriate."

NetApp told CRN USA via email that its OnTap storage operating system was designed in such a way that malicious code cannot run on its storage systems.

Dell EMC said in an emailed statement to CRN USA that it is working with Intel and others to address the issue.

Hewlett Packard Enterprise emailed CRN USA a statement that "the quality of HPE products is our top priority and we are proactively working with Intel to develop software and firmware updates to mitigate this issue."

While patches are not yet universally ready, at least one review site, Tom's Hardware, said Friday that a Microsoft Meltdown patch it tested has little impact on storage application performance.

Tom's Hardware tested the patch with a 480-GB Intel 900P Optane SSD because of its ability to provide consistent performance and found virtually identical performance across a wide range of real-world consumer and business applications before and after the Microsoft patch was applied.

Matt Brown contributed to this article.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Log In

Username / Email:
  |  Forgot your password?