Sunday, January 7, 2018


It has been disclosed recently that multiple critical security vulnerabilities affecting many CPU actitechtures, (CVE-2017-5753 , CVE-2017-5715, and CVE-2017-5754)

Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. At least one of your servers may be vulnerable and should be upgraded to a more recent kernel version as soon as possible.

As per our knowledge, no fixed kernels are officially shipped in any distribution but we encourage you to regularly check for security updates to perform an upgrade of your kernel once available. We will also provide timely updates on Our Blog / in Announcements on client area regarding the situation as we get new information/ patch released.

 

Intel affected CPU list

Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :

  • Intel Core™ i3 processor (45nm and 32nm)
  • Intel Core™ i5 processor (45nm and 32nm)
  • Intel Core™ i7 processor (45nm and 32nm)
  • Intel Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel Core processors
  • 3rd generation Intel Core processors
  • 4th generation Intel Core processors
  • 5th generation Intel Core processors
  • 6th generation Intel Core processors
  • 7th generation Intel Core processors
  • 8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Phi Processor 3200, 5200, 7200 Series
  • Intel Atom Processor C Series
  • Intel Atom Processor E Series
  • Intel Atom Processor A Series
  • Intel Atom Processor x3 Series
  • Intel Atom Processor Z Series
  • Intel Celeron Processor J Series
  • Intel Celeron Processor N Series
  • Intel Pentium Processor J Series
  • Intel Pentium Processor N Series

All of them are affected. If you’re using one of them, we strongly recommend you to update your system with the latest available patches. Some AMD processors may also be affected .



You can find more information regarding Meltdown and Spectre at:



-------

Note: Please note, latest CloudLinux kernels not booting on Xen PV (including CL6, CL6h and CL7 kernels). It is still not entirely clear what causes the issue and quite likely the bug might have been brought with the RHEL patches.
We apologize for the inconvenience. Our team is restless and we put all the efforts to deliver the fix ASAP. We encourage you to wait until the solution is found. As an alternative you can migrate from Xen PV to Xen HVM, we haven’t had any complaints about the last one.

CloudLinux latest kernels from stable and beta repository have fixes for this CVE's.
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-6-kernel-updated-1-8



Meltdown and Spectre patches availability  per OS

 

 

 
OS

Spectre - Variant 1

***

Bounds Check Bypass

(CVE-2017-5753)

Spectre - Variant 2

***

Branch Target Injection

(CVE-2017-5715)

Meltdown

***

Rogue Data Cache Load

Meltdown

(CVE-2017-5754)

     
 
 
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

DONE

Windows Server 2016
VMware vSphere 4.0/4.1/5.0/5.1
VMware vSphere 5.5
VMware vSphere 6.0/6.5
Linux Debian Wheezy
Linux Debian Jessie
Linux Debian Stretch
Linux Debian Buster
Linux Debian Sid
Linux Red Hat Enterprise Linux 7
Linux Red Hat Enterprise Linux 6
Linux Red Hat Enterprise Linux 5
Linux Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Linux Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Linux Red Hat OpenStack Platform v 8/9/10/11/12
Linux CentOS 6

WAIT

Linux CentOS 7

WAIT

Linux Fedora 26

WAIT

WAIT

DONE

Linux Fedora 27

WAIT

WAIT

DONE

Linux SUSE OpenStack Cloud 6
Linux SUSE Linux Enterprise Server 11 SP3-LTSS
Linux SUSE Linux Enterprise Server 11 SP4
Linux SUSE Container as a Service Platform ALL
Linux Gentoo

<span class="status









« Back