Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates

4 min read

It has been disclosed recently that multiple critical security vulnerabilities affecting many CPU architectures, (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754)

Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. At least one of your servers may be vulnerable and should be upgraded to a more recent kernel version as soon as possible.

As per our knowledge, no fixed kernels are officially shipped in any distribution. However, we encourage you to regularly check for security updates to perform an upgrade of your kernel once available. We will also provide timely updates on Our Blog / in Announcements on the client area regarding the situation as we get new information/patches released.

Intel Affected The CPU List

Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :

  • Intel Core™ i3 processor (45nm and 32nm)
  • Intel Core™ i5 processor (45nm and 32nm)
  • Intel Core™ i7 processor (45nm and 32nm)
  • Intel Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel Core processors
  • 3rd generation Intel Core processors
  • 4th generation Intel Core processors
  • 5th generation Intel Core processors
  • 6th generation Intel Core processors
  • 7th generation Intel Core processors
  • 8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Phi Processor 3200, 5200, 7200 Series
  • Intel Atom Processor C Series
  • Intel Atom Processor E Series
  • Intel Atom Processor A Series
  • Intel Atom Processor x3 Series
  • Intel Atom Processor Z Series
  • Intel Celeron Processor J Series
  • Intel Celeron Processor N Series
  • Intel Pentium Processor J Series
  • Intel Pentium Processor N Series

All of them are affected. If you’re using one of them, we strongly recommend updating your system with the latest available patches. Some AMD processors may also be affected.

Note: Please note, the latest CloudLinux kernels not booting on Xen PV (including CL6, CL6h, and CL7 kernels). It is still not entirely clear what causes the issue, and the bug might have likely been brought with the RHEL patches.
We apologize for the inconvenience. Our team is restless and we put all our efforts into delivering the fix ASAP. We encourage you to wait until the solution is found. As an alternative you can migrate from Xen PV to Xen HVM, we haven’t had any complaints about the last one.

CloudLinux’s latest kernels from the stable and beta repositories have fixes for these CVEs.
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-6-kernel-updated-1-8

Meltdown and Spectre patches availability as per OS

OS Spectre – Variant 1

Bounds Check Bypass

(CVE-2017-5753)

Spectre – Variant 2

Branch Target Injection

(CVE-2017-5715)

Meltdown

Rogue Data Cache Load

Meltdown

(CVE-2017-5754)

 

 

Windows

Server 2008  

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

 

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

 

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

Windows Server 2008 R2 DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

 

 

 

 

 

 

Windows

 

 

 

 

 

 

Server 2012

 

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

 

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

 

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

Windows Server 2012 R2 DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

Windows Server 2016 DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

VMware vSphere 4.0/4.1/5.0/5.1 NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

NOT AVAILABLE

 

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

VMware vSphere 5.5 WAIT

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876

 

WAIThttps://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876

VMware vSphere 6.0/6.5 DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099

DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099

Linux Debian Wheezy WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux Debian Jessie WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux Debian Stretch WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

 

Linux Debian Buster WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux Debian Sid WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

 

DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

Linux Red Hat Enterprise Linux 7 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0007

RHSA-2018:0016

Linux Red Hat Enterprise Linux 6 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0008

Linux Red Hat Enterprise Linux 5 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux Red Hat OpenStack Platform v 8/9/10/11/12 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Linux CentOS 6 DONE

https://access.redhat.com/errata/RHSA-2018:0008

https://access.redhat.com/errata/RHSA-2018:0013

https://access.redhat.com/errata/RHSA-2018:0024

WAIT DONE

https://access.redhat.com/errata/RHSA-2018:0008


https://access.redhat.com/errata/RHSA-2018:0013


https://access.redhat.com/errata/RHSA-2018:0024

Linux CentOS 7 DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=151977

WAIT DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

Linux Fedora 26 WAIT WAIT DONE
Linux Fedora 27 WAIT WAIT DONE
Linux SUSE OpenStack Cloud 6 WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux SUSE Linux Enterprise Server 11 SP3-LTSS WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux SUSE Linux Enterprise Server 11 SP4 DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

Linux SUSE Container as a Service Platform ALL DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

https://www.suse.com/security/cve/CVE-2017-5753/

DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

 

DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

Linux Gentoo WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643340

WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643342

WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643344

Linux Slackware 14 WAIT WAIT WAIT
Solaris SmartOS WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

Linux CloudLinux 6 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

Linux CloudLinux 7 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

Linux Ubuntu

 

WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

DONE

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html

Linux OpenSuse Linux based upon SUSE 12/11 WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

WAIT

https://www.suse.com/security/cve/CVE-2017-5754/

Linux Archlinux WAIT

https://security.archlinux.org/CVE-2017-5753

WAIT

https://security.archlinux.org/CVE-2017-5715

DONE

https://security.archlinux.org/CVE-2017-5754

Linux OpenVZ DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

Linux Proxmox 3. x WAIT WAIT WAIT
Linux Proxmox 4. X DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

Linux Proxmox 5. X DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

Linux CoreOS Container Linux (channels Stable/Beta/Alpha) WAIT

https://coreos.com/releases

WAIT

https://coreos.com/releases

DONE

https://coreos.com/releases

BSD DragonFlyBSD WAIT

 

WAIT DONE

https://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html

BSD FreeBSD WAIT

https://www.freebsd.org/fr/news/newsflash.html

WAIT

https://www.freebsd.org/fr/news/newsflash.html

WAIT

https://www.freebsd.org/fr/news/newsflash.html

BSD OpenBSD WAIT WAIT WAIT
BSD NetBSD WAIT WAIT WAIT

You can find more information regarding Meltdown and Spectre at:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Make Your Website Live!

Choose Your Desired Web Hosting Plan Now

Temok IT Services
© Copyright TEMOK 2024. All Rights Reserved.