Critical Security Vulnerabilities | Exploits Meltdown and Spectre

4 min read

It has been disclosed recently that multiple critical security vulnerabilities affecting many CPU actitechtures, (CVE-2017-5753 , CVE-2017-5715, and CVE-2017-5754)

Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. At least one of your servers may be vulnerable and should be upgraded to a more recent kernel version as soon as possible.

As per our knowledge, no fixed kernels are officially shipped in any distribution but we encourage you to regularly check for security updates to perform an upgrade of your kernel once available. We will also provide timely updates on Our Blog / in Announcements on client area regarding the situation as we get new information/ patch released.

Intel affected CPU list

Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :

Intel Core™ i3 processor (45nm and 32nm)
Intel Core™ i5 processor (45nm and 32nm)
Intel Core™ i7 processor (45nm and 32nm)
Intel Core™ M processor family (45nm and 32nm)
2nd generation Intel Core processors
3rd generation Intel Core processors
4th generation Intel Core processors
5th generation Intel Core processors
6th generation Intel Core processors
7th generation Intel Core processors
8th generation Intel Core processors
Intel Core X-series Processor Family for Intel X99 platforms
Intel Core X-series Processor Family for Intel X299 platforms
Intel Xeon processor 3400 series
Intel Xeon processor 3600 series
Intel Xeon processor 5500 series
Intel Xeon processor 5600 series
Intel Xeon processor 6500 series
Intel Xeon processor 7500 series
Intel Xeon Processor E3 Family
Intel Xeon Processor E3 v2 Family
Intel Xeon Processor E3 v3 Family
Intel Xeon Processor E3 v4 Family
Intel Xeon Processor E3 v5 Family
Intel Xeon Processor E3 v6 Family
Intel Xeon Processor E5 Family
Intel Xeon Processor E5 v2 Family
Intel Xeon Processor E5 v3 Family
Intel Xeon Processor E5 v4 Family
Intel Xeon Processor E7 Family
Intel Xeon Processor E7 v2 Family
Intel Xeon Processor E7 v3 Family
Intel Xeon Processor E7 v4 Family
Intel Xeon Processor Scalable Family
Intel Xeon Phi Processor 3200, 5200, 7200 Series
Intel Atom Processor C Series
Intel Atom Processor E Series
Intel Atom Processor A Series
Intel Atom Processor x3 Series
Intel Atom Processor Z Series
Intel Celeron Processor J Series
Intel Celeron Processor N Series
Intel Pentium Processor J Series
Intel Pentium Processor N Series

All of them are affected. If you’re using one of them, we strongly recommend you to update your system with the latest available patches. Some AMD processors may also be affected .

Note: Please note, latest CloudLinux kernels not booting on Xen PV (including CL6, CL6h and CL7 kernels). It is still not entirely clear what causes the issue and quite likely the bug might have been brought with the RHEL patches.
We apologize for the inconvenience. Our team is restless and we put all the efforts to deliver the fix ASAP. We encourage you to wait until the solution is found. As an alternative you can migrate from Xen PV to Xen HVM, we haven’t had any complaints about the last one.

CloudLinux latest kernels from stable and beta repository have fixes for this CVE’s.
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-6-kernel-updated-1-8

Meltdown and Spectre patches availability as per OS

Spectre – Variant 1

Bounds Check Bypass

(CVE-2017-5753)

Spectre – Variant 2

Branch Target Injection

(CVE-2017-5715)

Meltdown

Rogue Data Cache Load

Meltdown

(CVE-2017-5754)

Windows

Server 2008

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

Windows

Server 2008 R2

DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

Windows

Server 2012

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

Windows

Server 2012 R2

DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

Windows

Server 2016

DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

VMware

vSphere 4.0/4.1/5.0/5.1

NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

VMware

vSphere 5.5

WAIT

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2150876

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2150876

WAIThttps://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2150876

VMware

vSphere 6.0/6.5

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2151132

http://kb.vmware.com/kb/2151099

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2151132

http://kb.vmware.com/kb/2151099

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

http://kb.vmware.com/kb/2151132

http://kb.vmware.com/kb/2151099

Linux

Debian Wheezy

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux

Debian Jessie

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux

Debian Stretch

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html

Linux

Debian Buster

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux

Debian Sid

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONEhttps://security-tracker.debian.org/tracker/CVE-2017-5754

https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html

Linux

Red Hat Enterprise Linux 7

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0007

RHSA-2018:0016

Linux

Red Hat Enterprise Linux 6

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0008

Linux

Red Hat Enterprise Linux 5

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux

Red Hat OpenStack Platform v 8/9/10/11/12

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux

CentOS 6

DONE

https://access.redhat.com/errata/RHSA-2018:0008

https://access.redhat.com/errata/RHSA-2018:0013

https://access.redhat.com/errata/RHSA-2018:0024

WAIT

DONE

https://access.redhat.com/errata/RHSA-2018:0008

https://access.redhat.com/errata/RHSA-2018:0013

https://access.redhat.com/errata/RHSA-2018:0024

Linux

CentOS 7

DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=151977

WAIT

DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

Linux

Fedora 26

WAIT

DONE

Linux

Fedora 27

WAIT

DONE

Linux

SUSE OpenStack Cloud 6

WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux

SUSE Linux Enterprise Server 11 SP3-LTSS

WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux

SUSE Linux Enterprise Server 11 SP4

DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

Linux

SUSE Container as a Service Platform ALL

DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

https://www.suse.com/security/cve/CVE-2017-5753/

DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

Linux

Gentoo

WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643340

WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643342

WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643344

Linux

Slackware 14

WAIT

Solaris

SmartOS

WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

Linux

CloudLinux 6

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

Linux

CloudLinux 7

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

Linux

Ubuntu

WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

DONE

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html

Linux

OpenSuse Linux based upon SUSE 12/11

WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux

Archlinux

WAIT

https://security.archlinux.org/CVE-2017-5753

WAIT

https://security.archlinux.org/CVE-2017-5715

DONE

https://security.archlinux.org/CVE-2017-5754

Linux

OpenVZ

DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

Linux

Proxmox 3.x

WAIT

Linux

Proxmox 4.X

DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

Linux

Proxmox 5.X

DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

Linux

CoreOS Container Linux (channels Stable/Beta/Alpha)

WAIT

https://coreos.com/releases

WAIT

https://coreos.com/releases

DONE

https://coreos.com/releases

BSD

DragonFlyBSD

WAIT

DONE

http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html

BSD

FreeBSD

WAIT

https://www.freebsd.org/fr/news/newsflash.html

WAIT

https://www.freebsd.org/fr/news/newsflash.html

WAIT

https://www.freebsd.org/fr/news/newsflash.html

BSD

OpenBSD

WAIT

BSD

NetBSD

WAIT

You can find more information regarding Meltdown and Spectre at:

Show Comments Hide Comments

7 thoughts on

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Divya Sehgal

January 13, 2018 at 5:38 pm

Hey Atiq,

You have shared a very priceless Information in this post. But i did not understand the title cause i am from india so do not have enough good english. :p

Thanks for sharing Information about Security Vulnerabilities.

Atiq

January 18, 2018 at 10:44 am

Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
Redhat released updates :
Take Action

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately. All impacted products should apply fixes to mitigate all 3 variants; CVE-2017-5753 (variant 1), CVE-2017-5715 (variant 2), and CVE-2017-5754 (variant 3).

For details please visit: https://access.redhat.com/security/vulnerabilities/speculativeexecution

Joy Healey

January 27, 2018 at 9:27 pm

Gosh Atiq,

That sounds scary but I wouldn’t even know how to find out what my processor is and whether it is vulnerable!

I obviously still have a lot to learn 🙁

Joy Healey – Blogging After Dark

- Oleg Kaluger
  
  January 28, 2018 at 1:14 pm
  
  Hey Joy,
  
  Thank you for the comment,
  No worries about keeping track of Technical Specifications, the Tech team here at Temok does all that for you,
  
  thanks,
  – Oleg
  
Owin Joseph

February 2, 2018 at 9:25 pm

This is a very helpful post, nothing is ioo % safe nowadays, we have to be careful and vigilant which. Means installing updates as soon as they become available, and soon as you see any abnormality check it out. Get advice, also install a good firewall and malware software on your computer.

- Oleg Kaluger
  
  February 16, 2018 at 6:59 am
  
  Hey Owin,
  
  Thank you for the comment,
  Yes, the best action that you can take to protect yourself is to be careful,
  
  Stay safe, keep everything updated and have a firewall and anti-virus software,
  
  thanks,
  – Oleg
  
bhavik aherwal

February 24, 2018 at 11:59 am

great post keep it up

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Intel affected CPU list

7 thoughts on

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Divya Sehgal

Atiq

Joy Healey

Oleg Kaluger

Owin Joseph

Oleg Kaluger

bhavik aherwal

Leave a Reply Cancel reply

Register Your Domain

Before anyone else does

Make your Website Live Today

Choose one of your required Web Hosting Plan at market competitive prices

Managed Cloud Services

Managed Hosting

Company

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Intel affected CPU list

7 thoughts on

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security updates

Divya Sehgal

Atiq

Joy Healey

Oleg Kaluger

Owin Joseph

Oleg Kaluger

bhavik aherwal

Leave a Reply Cancel reply

Register Your Domain

Before anyone else does

Make your Website Live Today

Choose one of your required Web Hosting Plan at market competitive prices

Managed Cloud Services

Managed Hosting

Company

Newsletter