FS#29261 — Meltdown / Spectre
Attached to Project— Cloud
Maintenance | |
cloud | |
CLOSED | |
![]() |
Following the different CVE publicized :
- CVE-2017-5715 (branch target injection – Spectre)
- CVE-2017-5753 (bounds check bypass – Spectre)
- CVE-2017-5754 (rogue data cache load – Meltdown)
Variant 1: bounds check bypass (CVE-2017-5753) - spectre
Vulnerable : YES
Fixed by patch : YES
Variant 2: branch target injection (CVE-2017-5715) - spectre
Vulnerable : YES
Fixed by patch : YES
Variant 3: rogue data cache load (CVE-2017-5754) - meltdown
Vulnerable : YES
Fixed by patch : YES
We will have to apply updates on different sides:
- customers side
- OVH side
On customer side, KVM on host is not impacted but customers need to apply patches in their OS. OVH is maintaining a list of vendors patches => http://travaux.ovh.net/?do=details&id=29257.
On OVH side, new versions of microcodes and kernels are being tested and will be applied in next step once they'll be validated.
Date: Monday, 04 June 2018, 10:03AM- CVE-2017-5715 (branch target injection – Spectre)
- CVE-2017-5753 (bounds check bypass – Spectre)
- CVE-2017-5754 (rogue data cache load – Meltdown)
Variant 1: bounds check bypass (CVE-2017-5753) - spectre
Vulnerable : YES
Fixed by patch : YES
Variant 2: branch target injection (CVE-2017-5715) - spectre
Vulnerable : YES
Fixed by patch : YES
Variant 3: rogue data cache load (CVE-2017-5754) - meltdown
Vulnerable : YES
Fixed by patch : YES
We will have to apply updates on different sides:
- customers side
- OVH side
On customer side, KVM on host is not impacted but customers need to apply patches in their OS. OVH is maintaining a list of vendors patches => http://travaux.ovh.net/?do=details&id=29257.
On OVH side, new versions of microcodes and kernels are being tested and will be applied in next step once they'll be validated.
Reason for closing: Done
Upgrade still in progress.
Microcode deploy this week.
We closed this travaux tasks.