January 17, 2018
Hitachi, Ltd. IT Platform Products Management Division

Notice on "side-channel attacks on CPUs with speculative execution"

Researchers have disclosed the vulnerabilities below, which allow side-channel attacks on CPUs with speculative execution.
[JVNVU#93823979 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)]
CVE-2017-5715 and CVE-2017-5753 are known as Spectre.
CVE-2017-5754 is known as Meltdown.

When malicious software is executed on a targeted product, the vulnerabilities unexpectedly expose data stored in the memory used for processing in OS kernel space and user space.
However, the vulnerabilities do not affect our storage products (including SVP) because it is impossible to execute any external program on the storage products.

List of Storage Products

  • Hitachi Universal Storage Platform
  • Hitachi Universal Storage Platform V/VM
  • Hitachi Universal Storage Platform H12000/H20000/H24000

  • Hitachi Virtual Storage Platform
  • Hitachi Virtual Storage Platform G series/F series
  • Hitachi Virtual Storage Platform VP9500
  • Hitachi Virtual Storage Platform VX7

  • Hitachi Network storage Controller
  • Hitachi Network storage Controller H10000

  • Hitachi Unified Storage VM
  • Hitachi Unified Storage 100 series

  • Adaptable Modular Storage 2000 series

  • BR1600/BR1650 series

  • Hitachi Data Ingestor

  • Hitachi NAS Platform

  • Hitachi Content Platform
  • Hitachi Content Platform Anywhere

  • Hitachi Capacity Optimization

  • Fibre Channel Switch (HT-4990-SWxxxx)

  • Backup Storage (TFxxxx)

Update history

  • January 17, 2018: This security information page is newly created and uploaded.

  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.