As you may have read, 2018 has started with the unfortunate news of two vulnerabilities that affect Intel, AMD and ARM computing architectures: Meltdown and Spectre.
This post summarizes what we know about the problems and what you’ll need to do to mitigate these issues in your OnApp clouds.
UPDATE: 5th January, 16:30 GMT
We’re making progress with updates to OnApp packages, but owing to the dependency on upstream OS updates, and the critical requirement to ensure OS and OnApp updates are fully tested, we’re not yet ready to release. Watch this space and @OnApp on Twitter for more news. We’ll also be communicating updates to customers via email as soon as they’re ready. Meanwhile, on the template side of things, you’ll find the latest advice for OS updates at our documentation portal.
What are Meltdown and Spectre?
Meltdown and Spectre are hardware bugs that were uncovered by a number of security researchers, and widely reported in the media on January 3rd, 2018. In brief, “Meltdown” affects the most fundamental isolation of user applications from the operating system, which could allow a program to access memory being used by another program or by the operating system, while “Spectre” is reported to break the isolation between error-free applications. You can read more at https://meltdownattack.com/.
What is OnApp doing about it?
These issues are not specific to OnApp: they are created by hardware bugs that affect a large number of different computing platforms, from smartphones and desktop PCs to datacenter infrastructure. The nature of these vulnerabilities appears not to be addressable via microcode updates (i.e. at the hardware level). They must therefore be addressed by software patches at the OS level.
Mitigating these problems is going to require updates to OnApp software packages, and to OnApp OS templates. We’ve created a page dedicated to these at our documentation portal, here: https://docs.onapp.com/display/RN/Meltdown+and+Spectre+CPU+Issues
We’re working hard to get the patches you require developed, tested and ready. Owing to the seriousness of these issues, and the very short time since we learned about them, we’ll be issuing patches and advice on a rolling basis – think hourly or daily rather than one ‘big bang’ fix.
Keep an eye on this blog post, and the @OnApp Twitter feed, for the latest news.
Need more help?
If you’re an OnApp customer with any concerns about these problems, or if you need additional help understanding or implementing fixes to your OnApp cloud, just get in touch with our support team.
We’ll keep this post updated as we learn more. Happy New Year!