In January 2017 in the Intel Atom C2000 Series spec revision Intel published information about a flaw “System May Experience Inability to Boot or May Cease Operation”.
The official errata says the B0 stepping of C2xxx Atoms are vulnerable to failure, and these parts began shipping in 2013. The specific SKUs are: C2308, C2338, C2350, C2358, C2508, C2518, C2530, C2538, C2550, C2558, C2718, C2730, C2738, C2750, and C2758.
Lots of hardware vendors may be potentially affected by high rate of product failures after 18 months of use because of the faulty clock component. Some of the vendors, like Cisco, already announced replacement program for products under warranty or covered by any valid services contract where Synology decided to extend warranty for the 6 listed below products by 1 year. Other vendors still work on their course of action.
Official Intel Atom C2000 family spec – Link
Other articles about the flaw in the Intel Atom C2000 Series
February 3, 2017 – Ticking time-bomb fault will brick Cisco gear after 18 months
February 6, 2017 – Intel’s Atom C2000 chips are bricking products – and it’s not just Cisco hit
February 7, 2017 – Intel Atom chips have been dying for at least 18 months – only now is truth coming to light
February 7, 2017 – PSA: Intel Atom C2000 Chips Flaw Bricking Routers/NAS/Firewall devices that are powered by Linux, pfSense and FreeNAS
February 8, 2017 – An Intel Atom C2000 bug is killing products from multiple manufacturers
February 8, 2017 – Semi-Critical Intel Atom C2000 SoC Flaw Discovered, Hardware Fix Required
February 14, 2017 – Juniper facing fatal clock flaw that impacts Cisco routers, switches
February 15, 2017 – Intel’s Atom C2000 chip flaw spreads to Juniper
February 17, 2017 – HPE joins Cisco, Juniper with faulty clock technology problem
March 3, 2017 – Intel’s dying Atom chips strike again: Netgear recalls four ReadyNAS, Wi-Fi management lines
Below you can find a list of affected vendors and their products
- Cisco (link to the official Cisco announcement about the flaw and the replacement program)
- NCS5500 – line cards for a high-scale WAN aggregation NCS5500 router
- NCS1K-CNTLR – a controller in NCS1000 Series, an optical system which can transparently deliver multiple 10Gbe, 40Gbe and 100Gbe over two 100Gbps, 200Gbps or 250Gbps coherent DWDM wavelengths
- N9K-C9504-FM-E, N9K-C9508-FM-E, N9K-X9732C-EX – line cards for Nexus 9000 Series
- ISR4321, ISR4331, ISR4351 – Integrated Services Routers with 2/3 NIMs (Network Interface Modules) 50Mbps to 200Mbps upgradeable to 100-400Mbps depends on the model
- IR809G-LTE – Industrial Integrated Services Router with 2x 4G/LTE Wireless WAN Interfaces
- IR829GW-LTE – Industrial Integrated Services Router with an optional module for a single or dual multimode LTE modem
- ISA-3000 – DIN-rail mounted Industrial Security Appliance
- UCS EN120E, UCS EN140N – Cisco UCS E-Series Network Compute Engine (NCE) Servers
- ASA5506, ASA5508, ASA5516 – Adaptive Security Appliances / Range of Cisco firewalls/UTMs
- Meraki MX84 and MS350 Series – Cloud managed Security Appliances
- Juniper – 13 switches, routers and other products
- PTX3000 – an integrated photonic line card in PTX3000 which is a dense, ultra-compact 8 Tbps core router
- MPC7E 10G – a line card for Juniper MX Series with 40x 10Gb-SFP+ ports
- MPC7E multi rate – a line card for Juniper MX Series with 12x 40Gb-QSFP+ ports where 4 ports can work as 100Gb-QSFP28
- MX2K-MPC8E – a line card for Juniper MX2000 Series with two MIC slots
- OCX1100 – Open Networking Switch with 48x 10Gb-SFP+ and 6x 40Gb-QSFP+ ports
- EX9200 Series – Ethernet 4/8/14-slot modular core switches with up to 3.2, 9.6 or 13.2Tbps backplane capacity
- AS55/57/58/67/68/77 – Switches from 48x 10Gb-SFP+ ports to 32x 100Gb-QSFP28 ports. Some are Intel Atom C2538 based, but some, like AS56 series, Freescale P2020 therefore unaffected
- Wedge-16X – A switch with 16x 40Gb-QSFP+ ports. According to the spec it’s Intel Atom C2550 based
- QuantaMesh BMS T3048-LY8 – A switch with 48x 10Gb-SFP+ ports
- QuantaMesh BMS T3048-LY9 – A switch with 48x 10Gb-T ports/li>
- QuantaMesh BMS T5032-LY6-x86 – A switch with 48x 40Gb-QSFP+ ports, but T5032-LY6 should be safe as it’s PowerPC based
- Extreme Networks
- WLAN C35 – A wireless controller supporting up to 250 APs
- S4000 – A switch with 48 x 10GbE SFP+ ports (or 48 x 10GBaseT ports) and 6 x 40GbE QSFP+ ports. Intel Atom C2338 based ?
- Z9000 – A switch with 32 x 40GbE QSFP+ ports
Altoline S6900 – A switch with 48x 1Gb-T ports, 4x 10Gb-SFP+ ports and 2x 20Gb-QSFP+ stacking ports. According to the HPE product spec the series is based on ARM Cortex-A9, so not affected by the issue
- Altoline 6921 – A switch with 48x 10GbE-SFP+ ports and 6x 40Gb-QSFP+ ports, Intel Atom C2538 based. Link to the product spec file.
- Altoline 6941 – A switch with 32x 40GbE-QSFP+ ports, Intel Atom C2538 based. Link to the product spec file.
- Altoline 6960 – A switch with 32x 100GbE-QSFP28 ports, Intel Rangeley C2538 based. Link to the product spec file.
- OS9900 – A modular switch. All modules are either based on Intel Rangeley Quad or Dual core CPUs. Link to the product spec file.
- SN510 – a mid-range UTM Appliance
- SN710 – a mid-range UTM Appliance
- UTM SG125
- UTM SG135
- Netgear (link to the official announcement) – updated 04/03/2017
- ReadyNAS RN3130
- ReadyNAS RN3138
- WC7500 Series
- WC7600v2 Series
- pfSense firewalls
- Synology (link to the product status update page) – updated 19/02/2017 (*)
- NAS Pro
- FreeNAS Mini
- ASRock Rack
- ZNYX Networks
If you know more details about a specific hardware vendor, what is the vendor’s course of action about the issue, what products are potentially affected, please contact me and I will update the list.
(*) – Thank you JT for sending the link to the Synology status update page.