OVHcloud Bare Metal Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
Meltdown / Spectre
Scheduled Maintenance Report for Bare Metal Cloud
Completed
Regarding the different CVE publicized
- CVE-2017-5715 (branch target injection – Spectre)
- CVE-2017-5753 (bounds check bypass – Spectre)
- CVE-2017-5754 (rogue data cache load – Meltdown)

On Dedicated Servers, customer operations ARE REQUIRED in order to mitigate the Meltdown flaw.
Your system need to be updated: http://travaux.ovh.net/?do=details&id=29257.
If you are running an OVH Kernel, you can simply enable the 'Netboot' feature and reboot your system (https://docs.ovh.com/gb/en/dedicated/kernel-netboot/#boot-from-network-mode)

Spectre flaws mitigation is not available for the moment.
Our teams are working on the deployment of an Intel microcode (during the system boot and/or EFI). This microcode would require kernel counter-measures (understand patch/update) to fully mitigate against Variant 2 / CVE-2017-5715 (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr).

Update(s):

Date: 2018-01-24 16:19:07 UTC
The OVH bzImage versions have been adapted to 4.9.78 and 4.14.15, respectively.

Date: 2018-01-23 13:29:20 UTC
Regarding OVH kernels, there are two updated versions available, which both mitigate the \"Meltdown\" as well as the \"Spectre Variant 2\" vulnerabilities.

Currently available are the versions 4.9.77 (stable/production) and 4.14.14 (testing). The 4.9 version is used for standard netboot and reinstallations if no other kernel is chosen.
Those kernels have been compiled with a retpoline-enabled GCC version 7.2, and are bundled with the latest (reference version v224) CPU microcodes obtained from Intel.
Those bzImages are updated regularly to reflect the latest findings and published best-practices. Microcodes for CPUs from AMD will be added when available.

If you want to update an existing installation using those kernels, you can either:
- boot the kernel directly from network as described in https://docs.ovh.com/gb/en/dedicated/kernel-netboot/, or
- install the OVH kernel on your disk in the /boot directory and adapting your bootloader's config (\"update-grub\" on Debian/Ubuntu or \"grub2-mkconfig\" on RHEL/CentOS/Fedora/SuSE and others) after downloading the corresponding files from ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/ or ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-test/ respectively.
Posted Jan 06, 2018 - 14:52 UTC
This scheduled maintenance affected: Dedicated Servers || Global Infrastructure (BHS, ERI, GRA, LIM, RBX, SBG, SGP, SYD, WAW).