For more information, see End-of-Life and End-of-Sale Notices for C-Series Servers and End-of-Life and End-of-Sale Notices for B-Series Servers.

X-Series M8 5.4(0.250037) Server Firmware

Cisco UCS X210c M8 Compute Node

The Cisco UCS X210c M8 Compute Node is the third generation of compute node to integrate into the Cisco UCS X-Series Modular System. It delivers performance, flexibility, and optimization for deployments in data centers, and at remote sites. This enterprise-class server offers market-leading performance, versatility, and density without compromise for workloads. Up to eight compute nodes can reside in the 7-Rack-Unit (7RU) Cisco UCS X9508 Chassis, offering one of the highest densities of compute, I/O, and storage per rack unit in the industry.

The Cisco UCS X210c M8 Compute Node provides these main features:

• CPU: Up to 2x Intel® Xeon® 6 Scalable Processors with up to 86 cores per processor and and up to 336MB of Level 3 cache per CPU.

• Memory: Up to 8TB with 32 x 256GB DDR5-6400 DIMMs, in a 2-socket configuration with Intel® Xeon® 6 Scalable Processors.

• Storage:

  • Up to nine hot-pluggable EDSFF E3.S NVMe drives with a new passthrough front mezzanin controller option new to the Cisco UCS X210c M8.

  • Up to six hot-pluggable, solid-state rives (SSDs), or non-volatile memory express (NVMe) 2.5-inch drives with a choice of enterprise-class redundant array of independent disks (RAIDs) or passthrough controllers with four lanes each of PCIe Gen 5 connectivity.

  • Up to two M.2 SATA drives or two M.2 NVMe drives for flexible boot and local storage capabilities.

• Optional Front Mezzanine GPU module: The Cisco UCS Front Mezzanine GPU module GPU module is a passive PCIe Gen 4 front mezzanine option with support for up to two U.2 or U.3 NVMe drives and two HHHL GPUs.

• mLOM virtual interface cards:

  • Cisco UCS VIC (Virtual Interface Card) 15420 occupies the server's modular LAN on motherboard (mLOM) slot, enabling up to 50 Gbps (2x 25Gbps) of unified fabric connectivity to each of the chassis's intelligent fabric modules (IFMs) for 100 Gbps connectivity per server with secure boot technology.

  • Cisco UCS VIC 15230 occupies the server's modular LAN on motherboard (mLOM) slot, enabling up to 100 Gbps of unified fabric connectivity to each of the chassis's intelligent fabric modules (IFMs) for 100 Gbps connectivity per server with secure boot technology.

• Optional Mezzanine card:

  • Cisco UCS VIC 15422, a 5th Gen virtual interface card, can occupy the server's mezzanine slot at the bottom rear of the chassis. This card's I/O connectors link to Cisco UCS X-Fabric technology. An included bridge card extends this VIC's 4x 25 Gbps of network connections through IFM connectors, bringing the total bandwidth to 100 Gbps per fabric (for a total of 200 Gbps per server).

  • Cisco UCS PCI mezzanine card for Cisco UCS X-Fabric can occupy the server's mezzanine slot at the bottom rear of the chassis. This card's I/O connectors link to Cisco UCS X-Fabric modules and enable connectivity to the Cisco UCS X-Series PCIe Nodes.

  • All VIC mezzanine cards also provide I/O connections from the Cisco UCS X210c Compute Node to the Cisco UCS X-Series PCIe Nodes.

• Security: The server supports an optional trusted platform module (TPM). Additional features include a secure boot FPGA and ACT2 anti-counterfeit provisions.

Note	Cisco UCS X210c M8 Compute Node requires one of the following Cisco Intersight Infrastructure firmware versions: Cisco UCS 6400 and 6500 Series FI - 4.3(6.250048) or later. Cisco UCS X-Series Direct FI - 4.3(6.250094) or later.

For complete list of supported peripherals for Cisco UCS X210c M8 Compute Node, see Cisco UCS X210c M8 Compute Node Spec Sheet.

C-Series M8 4.3(6.250039) Server Firmware

• Cisco UCS C220 M8 Server

  The 1RU, 2-socket Cisco UCS C220 M8 Rack Server is designed to meet the needs of customers that choose to deploy high density rack-mount servers. It combines the latest Intel® processors and is a versatile general-purpose application and infrastructure server delivering leading performance and efficiency for a wide range of workloads, including virtualization, collaboration, and bare-metal applications.

  The Cisco UCS C220 M8 Server extends the capabilities of the Cisco UCS rack server portfolio incorporating Intel Xeon® 6 CPUs. It improves security, performance, and efficiency while helping achieve sustainability goals with built-in accelerators such as Intel Trust Domain Extensions (TDX), Intel Data Streaming Accelerator (DSA), Intel QuickAssist Technology (QAT), Intel Advanced Matrix Extensions (AMX), and Intel In-Memory Analytics Accelerator (IAA).

  Operating Expenses (OpEx) for power and cooling, management, and maintenance can be decreased by consolidating older servers onto the latest generation of Cisco UCS C220 M8 Rack Servers.

  The Cisco UCS C220 M8 Server is a dense, fault-tolerant server that provides value, performance, and flexibility for both commercial and enterprise customers.

  The Cisco UCS C220 M8 Server offers the following:

  • CPU: Up to 2x Intel Xeon 6700P or 6500P processors (1 or 2)

  • Memory:

    • 32 DIMM slots (16 DIMMS per CPU): 16, 32, 48, 64, 96, 128GB DDR5 at up to 6400 MT/s for up to 4TB of memory.

    • 32, 64GB MRDIMMs at up to 8000 MT/s.

  • PCIe expansion: Up to 3 PCIe 5.0 half-height slots or up to 2 PCIe 5.0 full-height slots plus 1 dedicated24-Gbps RAID controller slot and 1 dedicated mLOM/OCP 3.0 slot.

  • RAID controllers:

    • Cisco® 24-Gbps modular tri-mode RAID controller supports SAS 4 or NVMe hardware RAID.

    • Cisco 24-Gbps modular tri-mode SAS Host Bus Adapter (HBA).

  • Internal storage:

    • Backplane options:

      • Up to 10 SFF SAS/SATA/U.3 NVMe drives through SAS4 tri-mode RAID orHBA controller, with optional up to eight direct-attach U.2/U.3 NVMe drives.

      • Up to 16 E3.S 1T direct-attach NVMe drives at PCIe Gen5 x4 each.

  • mLOM/OCP 3.0:

    • One dedicated PCIe Gen5x16 slot that can be used to add an mLOM or OCP 3.0 card for additional rear-panel connectivity.

    • mLOM slot can flexibly accommodate 10/25/50 and 40/100/200 Gbps Cisco VIC adapters.

    • OCP 3.0 slot features full out-of-band manageability that supports Intel X710 OCP dual 10GBase-T through mLOM interposer.

  • Power supplies: Hot-pluggable, redundant platinum, and titanium options:

    • Platinum: 1050W DC and 1600W AC

    • Titanium: 1200W AC and 2300W AC

  • Other storage:

    • Dedicated Baseboard Management Controller (BMC) FlexMMC for utilities (on board).

    • Dual M.2 SATA SSDs (internal or hot-swappable) with HW RAID support.

  • GPU: Up to three single-wide GPUs supported.

  Note	Cisco UCS C-Series M8 servers support only 15000 series secure boot adapters. Cisco UCS C220 M8 server requires Cisco Intersight Infrastructure Firmware version 4.3(6.250048) or later.

  For complete list of supported peripherals for Cisco UCS C220 M8 Compute Node, see Cisco UCS C220 M8 Compute Node Spec Sheet.

• Cisco UCS C240 M8 Server

  The 2RU, 2-socket Cisco UCS C240 M8 Rack Server offers I/O flexibility and larger storage capacity. It combines the fastest Intel® processors and is a versatile general-purpose application and infrastructure server delivering leading performance and efficiency for a wide range of workloads, including AI, big-data analytics, databases, collaboration, virtualization, and high-performance computing.

  The Cisco UCS C240 M8 Server extends the capabilities of the Cisco UCS rack server portfolio by incorporatingIntel Xeon® 6 CPUs. It improves security, performance, and efficiency while helping you achieve your sustainability goals with built-in accelerators such as Intel Trust Domain Extensions (TDX), Intel DataStreaming Accelerator (DSA), Intel QuickAssist Technology (QAT), Intel Advanced Matrix Extensions(AMX), and Intel In-Memory Analytics Accelerator (IAA).

  You are able to decrease server Operating Expenses (OpEx) for power and cooling, management, and maintenance by consolidating older servers onto the latest generation of Cisco UCS C240 M8 Server.

  The Cisco UCS C240 M8 Server offers the following:

  • CPU: Up to 2x Intel Xeon 6700P or 6500P processors (1 or 2).

  • Memory:

    • 32 DIMM slots (16 DIMMS per CPU): 16, 32, 48, 64, 96, 128, 256GB DDR5 at up to 6400 MT/sfor up to 8TB of memory.

    • 32, 64GB MRDIMMs at up to 8000 MT/s.

  • PCIe expansion: Up to 8 PCIe 5.0 slots plus 1 dedicated 24-Gbps RAID controller slot and 1 dedicated mLOM/OCP 3.0 slot

  • RAID controllers:

    • Cisco 24-Gbps modular tri-mode RAID controller supports SAS 4 or NVMe hardware RAID.

    • Cisco 24-Gbps modular tri-mode SAS Host Bus Adapter (HBA).

  • Internal storage:

    • Backplane options: Up to 28 SFF SAS/SATA/U.3 NVMe drives through SAS4 tri-mode RAID orHBA controller, with optional up to eight direct-attach U.2/U.3 NVMe drives.

      • Up to 36 E3.S 1T direct-attach NVMe drives.

      • Up to 16 LFF SAS HDDs plus optional 4 rear SFF HDD/SSDs.

  • mLOM/OCP 3.0: One dedicated PCIe Gen5x16 slot that can be used to add an mLOM or OCP 3.0 card for additional rear-panel connectivity.

    • mLOM slot can flexibly accommodate 10/25/50 and 40/100/200 Gbps Cisco VIC adapters.

    • OCP 3.0 slot features full out-of-band manageability that supports Intel X710 OCP Dual 10GBase-T via mLOM interposer.

  • Power supplies: Hot-pluggable, redundant platinum and titanium options:

    • Platinum: 1050W DC and 1600W AC

    • Titanium: 1200W AC and 2300W AC

  • Other storage:

    • Dedicated Baseboard Management Controller (BMC) FlexMMC for utilities (on board).

    • Dual M.2 SATA SSDs (internal or hot-swappable) with HW RAID support.

  • GPU: Up to three double-wide or eight single-wide GPUs supported.

Note	Cisco UCS C-Series M8 servers support only 15000 series secure boot adapters. Cisco UCS C240 M8 server requires Cisco Intersight Infrastructure Firmware version 4.3(6.250048) or later.

For complete list of supported peripherals for Cisco UCS C240 M8 Compute Node, see Cisco UCS C240 M8 Compute Node Spec Sheet.

X-Series M8 5.3(0.250001) Server Firmware

• Support for the following 5th Generation AMD EPYC CPU on Cisco UCS X215c M8 Compute Node:

  • UCSX-CPU-A9655

  • UCSX-CPU-A9555

  • UCSX-CPU-A9355

  • UCSX-CPU-A9135

  • UCSX-CPU-A9575F

• Support for UCSC-GPU-MI210 GPU on Cisco UCS X215c M8 Compute Node.

• Support for the following DDR5-6400 MT/s DIMM for 5th Generation AMD EPYC™ CPU on Cisco UCS X215c M8 Compute Node:

  • UCS-MRX32G1RE5

  • UCS-MRX64G2RE5

• Support for the following DDR5-5600 MT/s DIMM for 4th Generation AMD EPYC™ CPU on Cisco UCS X215c M8 Compute Node:

  • UCSX-MR128G2RG3

C-Series M8 4.3(5.250001) Server Firmware

• Support for the following 5th Generation AMD EPYC CPU on Cisco UCS C245 M8 servers:

  • UCS-CPU-A9655

  • UCS-CPU-A9555

  • UCS-CPU-A9355

  • UCS-CPU-A9135

  • UCS-CPU-A9575F

• Support for the following 5th Generation AMD EPYC CPU on Cisco UCS C225 M8 servers:

  • UCS-CPU-A9655

  • UCS-CPU-A9555

  • UCS-CPU-A9355

  • UCS-CPU-A9135

  • UCS-CPU-A9575F

• Support for the following Cisco Tri-Mode M1 24G RAID storage controllers on Cisco UCS C225 M8 and C245 M8 servers equipped with 4th and 5th Generation AMD EPYC Processors.

  • UCSC-RAID-M1L16

  • UCSC-RAID-MP1L32

• Support for UCSC-GPU-MI210 GPU on Cisco UCS C245 M8 server.

• Support for the following DDR5-6400 MT/s DIMM for 5th Generation AMD EPYC™ CPU on Cisco UCS C225 M8 and C245 M8 servers:

  • UCS-MRX32G1RE5

  • UCS-MRX64G2RE5

• Support for the following DDR5-6400 MT/s DIMM for 5th Generation AMD EPYC™ CPU on Cisco UCS C245 M8 servers:

  • UCS-MRX96G2RF5

• Support for the following DDR5-5600 MT/s DIMM for 4th Generation AMD EPYC™ CPU on Cisco UCS C225 M8 and C245 M8 servers:

  • UCS-MR128G2RG3

X-Series M8 5.3(0.240016) Server Firmware

Cisco UCS X215c M8 Compute Node

The Cisco UCS X-Series Modular System simplifies your data center, adapting to the unpredictable needs of modern applications while also providing for traditional scale-out and enterprise workloads. It reduces the number of server types to maintain, thereby helping to improve operational efficiency and agility by minimizing complexity. Powered by the Cisco Intersight™ cloud operations platform, it shifts your thinking from administrative details to business outcomes with hybrid cloud infrastructure that is assembled from the cloud, shaped to your workloads, and continuously optimized.

The Cisco UCS X215c M8 Compute Node is integrate into the Cisco UCS X-Series Modular System. Up to eight compute nodes can reside in the 7-Rack-Unit (7RU) Cisco UCS X9508 Chassis, offering one of the highest densities of compute, IO, and storage per rack unit in the industry.

The Cisco UCS X215c M8 Compute Node offers the following:

• CPU: Up to 2x 4th Generation AMD EPYC Processors with up to 128 cores per processors

• Memory:

  • 24 DIMM slots (12 DIMMs per CPU socket), up to 4800 MT/s DDR5

  • Up to 6 TB of capacity

• Storage: Up to 6 hot-pluggable, Solid-State Drives (SSDs), or Non-Volatile Memory Express (NVMe) 2.5-inch drives with a choice of enterprise-class Redundant Array of Independent Disks (RAID) or pass-through controllers with four lanes each of PCIe Gen 4 connectivity and up to 2 M.2 SATA or NVMe drives for flexible boot and local storage capabilities.

• Optional Front Mezzanine GPU module: The Cisco UCS Front Mezzanine GPU module is a passive PCIe Gen 4 front mezzanine option with support for up to two U.2 or U.3 NVMe drives and two HHHL GPUs.

• mLOM virtual interface cards:

  • Cisco UCS Virtual Interface Card (VIC) 15420 occupies the server's Modular LAN on Motherboard (mLOM) slot, enabling up to 50 Gbps (2 x25Gbps) of unified fabric connectivity to each of the chassis Intelligent Fabric Modules (IFMs) for 100Gbps connectivity per server.

  • Cisco UCS Virtual Interface Card (VIC) 15230 occupies the server's modular LAN on motherboard (mLOM) slot, enabling up to 100 Gbps of unified fabric connectivity to each of the chassis Intelligent Fabric Modules (IFMs) for 100 Gbps connectivity per server with secure boot capability.

• Optional Mezzanine card:

  • Cisco UCS Virtual Interface Card (VIC) 15422 can occupy the server's mezzanine slot at the bottom rear of the chassis. An included bridge card extends this VIC's 100 Gbps (4 x 25Gbps) of network connections through IFM connectors, bringing the total bandwidth to 100 Gbps per VIC 15420 and 15422 (for a total of 200 Gbps per server). In addition to IFM connectivity, the VIC 15422 I/O connectors link to Cisco UCS X-Fabric technology.

  • Cisco UCS PCI Mezz card for X-Fabric can occupy the server's mezzanine slot at the bottom rear of the chassis. This card's I/O connectors link to Cisco UCS X-Fabric modules and enable connectivity to the X440p PCIe Node.

• Security: Includes secure boot silicon root of trust FPGA, ACT2 anti-counterfeit provisions, and optional Trusted Platform Model (TPM).

For complete list of supported peripherals for Cisco UCS X215c M8 Compute Node, see Cisco UCS X215c M8 Compute Node Spec Sheet.

Note	Cisco UCS X215c M8 Compute Node support only 14000 Series and 15000 Series secure boot VIC adapters.

X-Series M7 5.3(0.240016) Server Firmware

Added support for the following GPUs on the UCSX-210C-M7 Compute Node:

• UCSX-GPU-H100-NVL

• UCSX-GPU-L4-MEZZ

C-Series M8 4.3(5.240021) Server Firmware

• Cisco UCS C225 M8 Servers

  The Cisco UCS C225 M8 Servers is a versatile general-purpose infrastructure and application server. This high-density, 1RU, single-socket rack server delivers industry-leading performance and efficiency for a wide range of workloads, including virtualization, collaboration, and bare-metal applications.

  The Cisco UCS C225 M8 Servers extends the capabilities of the Cisco UCS rack server portfolio. It powers 4^thGen AMD EPYC^™ Processors with 100 percent more cores per socket designed using AMD’s chiplet architecture. With advanced features such as AMD Infinity Guard, compute-intensive applications will see significant performance improvements and reap other benefits such as power and cost efficiencies.

  You can deploy the Cisco UCS C225 M8 Servers as standalone servers or as part of the Cisco Unified Computing System^™ managed by Cisco Intersight^® or Cisco UCS Manager to take advantage of Cisco^® standards-based unified computing innovations that can help reduce your Total Cost of Ownership (TCO) and increase your business agility.

  The C225 M8 rack server brings many new innovations to the Cisco UCS AMD rack server portfolio. With the introduction of PCIe Gen 5.0 for high-speed I/O, a DDR5 memory bus, and expanded storage capabilities, the server delivers significant performance and efficiency gains that will improve your application performance.

  The key features of Cisco UCS C225 M8 Servers include:

  • Supports one 4thGen AMD EPYC CPU, with up to 128 cores per socket

  • Up to 12 DDR5 DIMMs for up to 1.5 TB of capacity using 128 GB DIMMs

  • Up to 4800 MT/s DDR5 memory

  • Up to 3 PCIe 4.0 slots or up to 2 PCIe 5.0 slots, plus a modular LAN on motherboard (mLOM) / OCP slot 3.0

  • Support for Cisco UCS VIC 15000 Series adapters as well as a host of third-party NIC options

  • UCS C225 M8S chassis: up to 10 SAS/SATA or NVMe disk drives

    • New tri-mode RAID controller supports SAS4 or NVMe hardware RAID

    • Up to 4 direct-attach NVMe SSDs

  • UCS C225 M8N chassis: up to 10 direct attach NVMe SSDs

    • All 10 NVMe drives connected at PCIe Gen4 x4

  • M.2 boot options

    • Up to two 960 GB SATA M.2 drives with hardware RAID

    • Up to two 960 GB NVMe M.2 drives with NVMe hardware RAID

  • Up to three GPUs supported

  • Hybrid modular LOM/OCP 3.0

    • One dedicated Gen 4.0 x16 slot that can be used to add an mLOM or OCP 3.0 card for additional rear-panel connectivity

    • mLOM allows for Cisco UCS Virtual Interface Cards (VICs) without consuming a PCIe slot, supporting quad-port 10/25/50 Gbps or dual-port 40/100/200 Gbps network connectivity

    • OCP 3.0 slot features full out-of-band management for select adapters

  For complete list of supported peripherals for Cisco UCS C225 M8 Servers, see Cisco UCS C225 M8 SFF Rack Server Spec Sheet.

  Note	Cisco UCS C225 M8 Servers support only 14000 Series and 15000 Series secure boot VIC adapters.

• Added support for the following GPU on Cisco UCS C245 M8 Server:

  • UCSC-GPU-H100-NVL

• Support for the following DIMM on Cisco UCS X410c M7 Compute Nodes:

  • UCSX-MRX96G2RF3

• Support for the following Graphics Processing Unit on Cisco UCS X410c M7 and Cisco UCS X210c M7 Compute Nodes:

  • UCSX-GPU-L40S

• Support for the following Trusted Platform Module on Cisco UCS X210c M7, X410c M7, X210c M6 Compute Nodes, and Cisco UCS B200 M6 servers:

  • UCS-TPM-002D

• Support for the following 5^th Generation Intel^® Xeon^® Scalable Processors on Cisco UCS X210c Compute Nodes:

  • UCSX-CPU-I4510T - Intel^® Xeon^® Silver 4510T Processor

  • UCSX-CPU-I4510 - Intel^® Xeon^® Silver 4510 Processor

  • UCSX-CPU-I4509Y - Intel^® Xeon^® Silver 4509Y Processor

  • UCSX-CPU-I3508U - Intel^® Xeon^® Bronze 3508U Processor

Support for the following 5^th Generation Intel^® Xeon^® Scalable Processors on Cisco UCS X210c M7 Compute Nodes with server firmware release version 5.2(1.240010):

• UCSX-CPU-I8592V - Intel^® Xeon^® Platinum 8592V Processor

• UCSX-CPU-I8592+ - Intel^® Xeon^® Platinum 8592+ Processor

• UCSX-CPU-I8581V - Intel^® Xeon^® Platinum 8581V Processor

• UCSX-CPU-I8580 - Intel^® Xeon^® Platinum 8580 Processor

• UCSX-CPU-I8571N - Intel^® Xeon^® Platinum 8571 Processor

• UCSX-CPU-I8570 - Intel^® Xeon^® Platinum 8570 Processor

• UCSX-CPU-I8568Y+ - Intel^® Xeon^® Platinum 8568Y+ Processor

• UCSX-CPU-I8562Y+ - Intel^® Xeon^® Platinum 8562Y+ Processor

• UCSX-CPU-I8558U - Intel^® Xeon^® Platinum 8558U Processor

• UCSX-CPU-I8558P - Intel^® Xeon^® Platinum 8558P Processor

• UCSX-CPU-I8558 - Intel^® Xeon^® Platinum 8558 Processor

• UCSX-CPU-I6554S - - Intel^® Xeon^® Gold 6554S Processor

• UCSX-CPU-I6548Y+ - Intel^® Xeon^® Gold 6548Y+ Processor

• UCSX-CPU-I6548N - Intel^® Xeon^® Gold 6548N Processor

• UCSX-CPU-I6544Y - Intel^® Xeon^® Gold 6544Y Processor

• UCSX-CPU-I6542Y - Intel^® Xeon^® Gold 6542 Processor

• UCSX-CPU-I6538Y+ - Intel^® Xeon^® Gold 6538Y+ Processor

• UCSX-CPU-I6538N - Intel^® Xeon^® Gold 6538N Processor

• UCSX-CPU-I6534 - Intel^® Xeon^® Gold 6534 Processor

• UCSX-CPU-I6530 - Intel^® Xeon^® Gold 6530 Processor

• UCSX-CPU-I6526Y - Intel^® Xeon^® Gold 6526Y Processor

• UCSX-CPU-I5520+ - Intel^® Xeon^® Gold 5520+ Processor

• UCSX-CPU-I5515+ - Intel^® Xeon^® Gold 5515+ Processor

• UCSX-CPU-I5512U - Intel^® Xeon^® Gold 5512U Processor

• UCSX-CPU-I4516Y+ - Intel^® Xeon^® Silver 4516Y+ Processor

• UCSX-CPU-I4514Y - Intel^® Xeon^® Silver 4514Y Processor

Support for the following 5^th Generation Intel^® Xeon^® Scalable Processors on Cisco UCS C220 M7 and C240 M7 servers with server firmware version 4.3(3.240022):

• UCS-CPU-I8592V - Intel^® Xeon^® Platinum 8592V Processor

• UCS-CPU-I8592+ - Intel^® Xeon^® Platinum 8592+ Processor

• UCS-CPU-I8580 - Intel^® Xeon^® Platinum 8580 Processor

• UCS-CPU-I8568Y+ - Intel^® Xeon^® Platinum 8568Y+ Processor

• UCS-CPU-I8562Y+ - Intel^® Xeon^® Platinum 8562Y+ Processor

• UCS-CPU-I8558P - Intel^® Xeon^® Platinum 8558P Processor

• UCS-CPU-I8558 - Intel^® Xeon^® Platinum 8558 Processor

• UCS-CPU-I6554S - Intel^® Xeon^® Gold 6554S Processor

• UCS-CPU-I6548Y+ - Intel^® Xeon^® Gold 6548Y+ Processor

• UCS-CPU-I6548N - Intel^® Xeon^® Gold 6548N Processor

• UCS-CPU-I6544Y - Intel^® Xeon^® Gold 6544Y Processor

• UCS-CPU-I6542Y - Intel^® Xeon^® Gold 6542Y Processor

• UCS-CPU-I6538Y+ - Intel^® Xeon^® Gold 6538Y+ Processor

• UCS-CPU-I6534 - Intel^® Xeon^® Gold 6534 Processor

• UCS-CPU-I6530 - Intel^® Xeon^® Gold 6530 Processor

• UCS-CPU-I6526Y - Intel^® Xeon^® Gold 6526Y Processor

• UCS-CPU-I5520+ - Intel^® Xeon^® Gold 5520+ Processor

• UCS-CPU-I5515+ - Intel^® Xeon^® Gold 5515+ Processor

• UCS-CPU-I4516Y+ - Intel^® Xeon^® Silver 4516Y+ Processor

• UCS-CPU-I4514Y - Intel^® Xeon^® Silver 4514Y Processor

Supported GPUs

Support for the following GPU cards with the above listed CPUs:

• Support for Data Center GPU Flex 170, FH-3/4L, 150W PCIe on Cisco UCS C240 M7 servers

• Support for Data Center GPU Flex 140, HHHL, 75W PCIe on Cisco UCS C220 M7 and C240 M7 servers

Support for DDR5 5600 MT/s DIMM

Support for the following 5600 DIMMs on Cisco UCS X410c M7 and X210c M7 Compute Nodes with server firmware version 5.2(1.240010):

• UCSX-MRX16G1RE3 - 16GB DDR5-5600 RDIMM 1Rx8 (16Gb)

• UCSX-MRX32G1RE3 - 32GB DDR5-5600 RDIMM 1Rx4 (16GB)

• UCSX-MRX64G2RE3 - 64GB DDR5-5600 RDIMM 2Rx4 (16GB)

• UCSX-MRX96G2RF3 - 96GB DDR5-5600 RDIMM 2Rx4 (24GB)

• UCSX-MR128G4RE3 - 128GB DDR5-5600B RDIMM 4Rx4 (16GB)

• UCSX-MR256G8RE3 - 256GB DDR5-5600 RDIMM 8Rx4 (16Gb)

Support for the following 5600 DIMMs on Cisco UCS C240 M7 and C220 M7 servers with Server Firmware version 4.3(3.240022):

• UCS-MRX16G1RE3 - 16GB DDR5-5600 RDIMM 1Rx8 (16Gb)

• UCS-MRX32G1RE3 - 32GB DDR5-5600 RDIMM 1Rx4 (16Gb)

• UCS-MRX64G2RE3 - 64GB DDR5-5600 RDIMM 2Rx4 (16GB))

• UCS-MRX96G2RF3 - 96GB DDR5-5600 RDIMM 2Rx4 (24GB)

• UCS-MR128G4RE3 - 128GB DDR5-5600 RDIMM 4Rx4 (16GB)

• UCS-MR256G8RE3 - 256GB DDR5-5600 RDIMM 8Rx4 (16Gb)

Support for the following Cisco UCS VIC 15000 Series Secure Boot-enabled mLOM adapter on Cisco UCS X-Series servers:

UCSX-ML-V5D200GV2 - Cisco UCS VIC 15230 (2x100G or 4x25G) mLOM on X-Series M6 and M7 servers.

Note	The hardware listed above is compatible with Infrastructure firmware version 4.3(2.230129) and later.

For more information on the new Hardware Support, see Supported Hardware for Intersight Managed Mode.

• Support for UCSX-M2-PT-FPN (M.2 NVMe controller) on Cisco UCS X210c M7 Compute Node.

• Support for the following Graphics Processing Units on Cisco UCS X210c M7 and UCS X410c M7 Compute Nodes.

  • UCSC-GPU-H100-80

  • UCSC-GPU-L40

  • UCSC-GPU-L4

  • UCSC-GPU-FLEX140

  • UCSC-GPU-FLEX170

For more information, see Supported Hardware for Intersight Managed Mode.

Support for the following Cisco Trimode M1 24G RAID and HBA controllers:

• UCSC-HBA-M1L16 and UCSC-RAID-M1L16 on Cisco UCSC-C220-M7 servers

• UCSC-HBA-M1L16 and UCSC-RAID-MP1L32 on Cisco UCSC-C240-M7 servers

Advantages of Cisco Trimode M1 24G RAID and HBA controllers:

• Uses Enterprise Key Management (EKMS) for remote key management, enhancing the physical security of data.

• Uses the Distributed Management Task Force's (DMTF's) Redfish schema, ensuring independence from changes in storage software architecture or stack.

• Allows quick integration of new vendors and adaptors via Out-Of-Band management.

• 5% of maximum drive space is reserved to allow slight variance in drive sizes over time.

Cisco UCS C245 M8 Rack Server

The Cisco UCS C245 M8 Rack Server extends the capabilities of the Cisco UCS rack server portfolio. It powers 4^th Gen AMD EPYC^™ Processors that have double the number of cores per socket compared to the previous generation, and are designed using AMD’s chiplet architecture. With advanced features like AMD Infinity Guard, compute-intensive applications will see significant performance improvements and will reap other benefits such as power and cost efficiencies.

With the introduction of PCIe Gen 5.0 expansion slots for high-speed I/O, a DDR5 memory bus, and expanded storage capabilities, the server delivers significant performance and efficiency gains that will greatly enhance application performance.

Some of the features of the server include:

• CPU: Support for up to two 4^th Gen AMD EPYC^™ CPUs in a server designed to drive as much as 256 CPU cores (128 cores per socket)

• Storage: Up to 24 DDR5 DIMM slots, yielding up to 6 TB of capacity, using 256 GB DIMMs (12 DIMMs per socket)

• Memory: Up to 4800 MT/s DDR5 memory

• Up to 8 x PCIe Gen 4.0 slots or up to 4 x PCIe Gen 5.0 slots, plus a hybrid modular LAN on motherboard (mLOM) /OCP 3.0 slot (details below)

• Adapters: Support for Cisco UCS VIC 15000 Series adapters as well as multiple third-party NIC options

• Up to 28 hot-swappable small-form-factor (SFF) SAS/SATA or NVMe drives (with up to 8 direct-attach NVMe drives)

  • New tri-mode RAID controller supports SAS4 plus NVMe hardware RAID

• M.2 boot options

  • Up to two 960GB SATA M.2 drives with hardware RAID support

  • Up to two 960GB NVMe M.2 drives with NVMe hardware RAID

• GPU: Support for up to Eight GPUs

• Modular LOM / OCP 3.0

  • One dedicated PCIe Gen4x16 slot that can be used to add an mLOM or OCP 3.0 card for additional rear-panel connectivity

  • mLOM slot that can be used to install a Cisco UCS Virtual Interface Card (VIC) without consuming a PCIe slot, supporting quad-port 10/25/50 Gbps or dual-port 40/100/200 Gbps network connectivity

  • OCP 3.0 slot that features full out-of-band management for select adapters

For more information on the sub-components bundled with the server, see Cisco UCS C245 M8 Server Spec Sheet.

• Support for the following Graphics Processing Unit on Cisco UCS C240 M7 server:

  • UCSC-GPU-L40S

• Support for the following Graphics Processing Unit on Cisco UCS C220 M6 and C240 M6 servers:

  • UCSC-GPU-L4

• Support for the following Trusted Platform Module on Cisco UCS C220 M7, C240 M7, C220 M6, and C240 M6 servers:

  • UCS-TPM-002D

• Support for the following Trusted Platform Module on Cisco UCS C225 M6 and C245 M6 servers:

  • UCS-TPM2-002D

• Support for the following 5^th Generation Intel^® Xeon^® Scalable Processors on Cisco UCS C220 M7 and C240 M7 servers:

  • UCS-CPU-I4510T - Intel^® Xeon^® Silver 4510T Processor

  • UCS-CPU-I4510 - Intel^® Xeon^® Silver 4510 Processor

  • UCS-CPU-I4509Y - Intel^® Xeon^® Silver 4509Y Processor

  • UCS-CPU-I3508U - Intel^® Xeon^® Bronze 3508U Processor

Support for the following Cisco UCS VIC 15000 Series Secure Boot-enabled mLOM adapters on Cisco UCS C-Series servers:

• UCSC-M-V5D200GV2 - Cisco UCS VIC 15237 (2x40/100/200G) mLOM on C-Series M6 and M7 servers.

• UCSC-M-V5Q50GV2 - Cisco UCS VIC 15427 (4x10/25/50G) mLOM on C-Series M6 and M7 servers.

Note	The hardware listed above is compatible with Infrastructure Firmware version 4.3(2.230129) and later.

For more information, see Supported Hardware for Intersight Managed Mode.

• Support for the following Cisco UCS VIC 15000 Series Secure Boot-enabled PCIe adapters on Cisco UCS C-Series M6 and M7 servers:

  • UCSC-P-V5D200G - Cisco UCS VIC 15235 2x40/100/200G

  • UCSC-P-V5Q50G - Cisco UCS VIC 15425 4x10/25/50G

Note	The hardware listed above is compatible with Infrastructure Firmware version 4.3(2.230117) and later.

• Support for the following Graphics Processing Units:

  • UCSC-GPU-H100-80 on Cisco UCS C240 M7 server

  • UCSC-GPU-L40 on Cisco UCS C240 M7 server

  • UCSC-GPU-L4 on Cisco UCS C-Series M7 server

  • UCSC-GPU-FLEX140 on Cisco UCS C-Series M7 server

  • UCSC-GPU-FLEX170 on Cisco UCS C240 M7 server

For more information, see Supported Hardware for Intersight Managed Mode.

• Support for Cisco UCS C220 M7 and C240 M7 servers.

• Support for the following Graphics Processing Units on C-Series M7 servers:

  • UCSC-GPU-A16

  • UCSC-GPU-A100-80

For more information, see Supported Hardware for Intersight Managed Mode.

The Cisco UCS B-Series M6 Blade Servers, UCS C-Series M6 Rack Servers, and UCS X-Series M6 Compute Nodes include an Intel CPU that is affected by the vulnerability identified by the following Common Vulnerability and Exposures (CVE) ID:

• CVE-2024-45332 — Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel®Processors may allow an authenticated user to potentially enable information disclosure via local access.

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

The Cisco products UCS C-Series M7 Rack Servers and UCS X-Series M7 Compute Nodes include an Intel CPU that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2025-20103 — Insufficient resource pool in the core management mechanism for some Intel®Processors may allow an authenticated user to potentially enable denial of service via local access.

• CVE-2025-20054 — Uncaught exception in the core management mechanism for some Intel®Processors may allow an authenticated user to potentially enable denial of service through local access.

• CVE-2024-45332 — Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel®Processors may allow an authenticated user to potentially enable information disclosure via local access.

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

The UCS C-Series M5 Rack Servers include an Intel CPU that is affected by the vulnerability identified by the following Common Vulnerability and Exposures (CVE) ID:

• CVE-2024-45332 — Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Cisco UCS B-Series M5 servers, which include an Intel CPU and BIOS, are affected by the vulnerabilities identified under the following Common Vulnerabilities and Exposures (CVE) IDs:

• CVE-2024-28047—Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Cisco UCS C225 M6 and C245 M6 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-56161—Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

• CVE-2024-21925—Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

• CVE-2024-21924—SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

Cisco UCS B-Series Blade Servers-Serial over LAN (SOL) and Cisco UCS X-Series Compute Nodes-Serial over LAN (SOL) includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-6387—A security regression (CVE-2006-5051) has been discovered in the OpenSSH server (sshd). A race condition exists that may cause sshd to handle certain signals unsafely. This vulnerability can potentially be exploited by an unauthenticated, remote attacker by failing to authenticate within a specified time period.

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

Cisco UCS B-Series Blade Servers-Serial over LAN (SOL) and Cisco UCS X-Series Compute Nodes-Serial over LAN (SOL) includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-6387—A security regression (CVE-2006-5051) has been discovered in the OpenSSH server (sshd). A race condition exists that may cause sshd to handle certain signals unsafely. This vulnerability can potentially be exploited by an unauthenticated, remote attacker by failing to authenticate within a specified time period.

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

The following security issue is resolved:

The Cisco products UCS B-Series M6 Servers; UCS C-Series M6 servers; UCS X-Series M6 Compute Nodes include an Intel® CPU that is affected by the vulnerability identified by the following Common Vulnerability and Exposures (CVE) ID:

CVE-2023-23583—Sequence of processor instructions leads to unexpected behavior for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

The following security issues are resolved:

Defect ID - CSCwh58728

Cisco UCS Manager includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2023-38408—The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.)

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

Defect ID - CSCwm73565

Cisco UCS M5 servers are affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-28047—Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Defect ID - CSCwk77757

Cisco UCS M5 servers are affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-24853—Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege through local access.

• CVE-2024-21781—Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service through local access.

Defect ID - CSCwi21160

Cisco UCS server includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2019-1543—ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).

• CVE-2019-1547—Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

• CVE-2019-1552—OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the -\-prefix / -\-openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own -\-prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

• CVE-2019-1563—In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

• CVE-2020-1968—The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

• CVE-2021-23840—Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

• CVE-2021-3711—In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

• CVE-2021-3712—ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

• CVE-2022-0778—The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Defect ID - CSCwi21161

Cisco UCS server includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2010-4252—OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

• CVE-2010-5298—Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

• CVE-2011-1945—The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

• CVE-2011-4108—The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

• CVE-2011-4576—The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

• CVE-2011-4577—OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

• CVE-2011-4619—The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

• CVE-2012-0027—The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

• CVE-2013-6449—The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

• CVE-2014-0076—The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

• CVE-2014-3566—The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

• CVE-2014-3567—Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

• CVE-2014-3568—OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

• CVE-2014-3570—The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

• CVE-2014-3571—OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

• CVE-2014-3572—The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

• CVE-2014-8275—OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

• CVE-2015-0204—The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

• CVE-2015-0209—Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

• CVE-2015-0286—The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

• CVE-2015-0287—The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

• CVE-2015-0288—The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

• CVE-2015-0289—The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

• CVE-2015-0293—The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

• CVE-2015-1788—The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

• CVE-2015-1789—The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

• CVE-2015-1790—The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

• CVE-2015-1791—Rare condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

• CVE-2015-1792—The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

• CVE-2015-3195—The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

• CVE-2015-4000—The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

• CVE-2016-0703—The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

• CVE-2016-0704—An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

• CVE-2016-2106—Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

• CVE-2016-2107—The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

• CVE-2016-2108—The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

• CVE-2016-2109—The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

• CVE-2016-2176—The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

• CVE-2016-7056—A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

• CVE-2017-3735—While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

• CVE-2021-23840—Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

• CVE-2021-3711—In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

• CVE-2021-3712—ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

• CVE-2021-4044—Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

Defect ID - CSCwk90710

Cisco UCS C-Series M6 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-24853—Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

• CVE-2024-24980—Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

• CVE-2024-21829—Improper input validation in UEFI firmware error handler for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

• CVE-2024-21781—Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to enable information disclosure or denial of service via local access.

• CVE-2023-43753—Improper conditions check in some Intel(R) Processors with Intel® Software Guard Extensions (Intel® SGX) may allow a privileged user to potentially enable information disclosure via local access.

• CVE-2024-24968—Improper finite state machines (FSMs) in hardware logic in some Intel® Processors may allow an privileged user to potentially enable a denial of service via local access.

• CVE-2024-23984—Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.

Defect ID - CSCwk62266

Cisco UCS C-Series M7 and M6 servers are affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-6387—A race condition has been identified in the sshd service related to its signal handler. If a client fails to authenticate within the LoginGraceTime period (default is 120 seconds, previously 600 seconds in older OpenSSH versions), the sshd SIGALRM handler is triggered asynchronously. This handler, however, invokes several functions that are not safe to call from within a signal handler, such as syslog().

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

Defect ID - CSCwk62266

Cisco UCS C-Series M5 servers are affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

• CVE-2024-6387—A race condition has been identified in the sshd service related to its signal handler. If a client fails to authenticate within the LoginGraceTime period (default is 120 seconds, previously 600 seconds in older OpenSSH versions), the sshd SIGALRM handler is triggered asynchronously. This handler, however, invokes several functions that are not safe to call from within a signal handler, such as syslog().

The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

Defect ID - CSCwi59840

Cisco UCS M5 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2023-48795—The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks, such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, also known as Terrapin attack.

This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and use of sequence numbers. For example, when there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC), the bypass occurs in chacha20-poly1305@openssh.com, (and if CBC is used, then the -etm@openssh.com MAC algorithms).

The following security issue is resolved:

Cisco UCS C225 and C245 M6 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2023-20593—An issue in Zen 2 CPUs, under specific microarchitectural circumstances, might allow an attacker to potentially access sensitive information.

Cisco UCS C125 M5 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2023-20593—An issue in Zen 2 CPUs, under specific microarchitectural circumstances, might allow an attacker to potentially access sensitive information.

The following security issues are resolved:

• Defect ID - CSCwe96259

  Cisco UCS C-series M6 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

  CVE-2023-20228—This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

• Defect ID - CSCwf30460

  Cisco UCS C-series M6 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

  • CVE-2022-41804—Unauthorized error injection in Intel^® SGX or Intel^® TDX for some Intel^® Xeon^® Processors which may allow a privileged user to potentially enable escalation of privilege through local access.

  • CVE-2022-40982—Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure through local access.

  • CVE-2023-23908—Improper access control in some 3rd Generation Intel^® Xeon^® Scalable processors may allow a privileged user to potentially enable information disclosure through local access.

  • CVE-2022-37343— Improper access control in the BIOS firmware for some Intel^® Processors may allow a privileged user to potentially enable escalation of privilege through local access.

• Defect ID - CSCwf30468

  Cisco UCS C-series M5 servers are affected by vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

  • CVE-2022-40982—Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel^® Processors may allow an authenticated user to potentially enable information disclosure through local access.

  • CVE-2022-43505—Insufficient control flow management in the BIOS firmware for some Intel^® Processors may allow a privileged user to potentially enable denial of service through local access.