Meltdown

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates

4 min read
Posted on
by Atiq
Home Community Posts Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates
Home Community Posts Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates

Atiq<span class="bp-verified-badge"></span> Atiq
Posted on
4 min read
7
4 min read

It has been disclosed recently that multiple critical security vulnerabilities affecting many CPU architectures, (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754)

Security engineers within Intel and each operating system’s community are working to provide patches to eliminate this threat. At least one of your servers may be vulnerable and should be upgraded to a more recent kernel version as soon as possible.

As per our knowledge, no fixed kernels are officially shipped in any distribution. However, we encourage you to regularly check for security updates to perform an upgrade of your kernel once available. We will also provide timely updates on Our Blog / in Announcements on the client area regarding the situation as we get new information/patches released.

Intel Affected The CPU List

Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :

  • Intel Core™ i3 processor (45nm and 32nm)
  • Intel Core™ i5 processor (45nm and 32nm)
  • Intel Core™ i7 processor (45nm and 32nm)
  • Intel Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel Core processors
  • 3rd generation Intel Core processors
  • 4th generation Intel Core processors
  • 5th generation Intel Core processors
  • 6th generation Intel Core processors
  • 7th generation Intel Core processors
  • 8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Phi Processor 3200, 5200, 7200 Series
  • Intel Atom Processor C Series
  • Intel Atom Processor E Series
  • Intel Atom Processor A Series
  • Intel Atom Processor x3 Series
  • Intel Atom Processor Z Series
  • Intel Celeron Processor J Series
  • Intel Celeron Processor N Series
  • Intel Pentium Processor J Series
  • Intel Pentium Processor N Series

All of them are affected. If you’re using one of them, we strongly recommend updating your system with the latest available patches. Some AMD processors may also be affected.

Note: Please note, the latest CloudLinux kernels not booting on Xen PV (including CL6, CL6h, and CL7 kernels). It is still not entirely clear what causes the issue, and the bug might have likely been brought with the RHEL patches.
We apologize for the inconvenience. Our team is restless and we put all our efforts into delivering the fix ASAP. We encourage you to wait until the solution is found. As an alternative you can migrate from Xen PV to Xen HVM, we haven’t had any complaints about the last one.

CloudLinux’s latest kernels from the stable and beta repositories have fixes for these CVEs.
https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-6-kernel-updated-1-8

Meltdown and Spectre patches availability as per OS

OS Spectre – Variant 1

Bounds Check Bypass

(CVE-2017-5753)

 Spectre – Variant 2

Branch Target Injection

(CVE-2017-5715)

 Meltdown

Rogue Data Cache Load

Meltdown

(CVE-2017-5754)
 

 

Windows

 Server 2008  

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

  

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

  

NOT AVAILABLE

upgrade to Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 
Windows Server 2008 R2 DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

 DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897

 DONE

KB 4056897

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056897
 

 

 

 

 

 

Windows

  

 

 

 

 

 

Server 2012

  

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

  

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 

  

NOT AVAILABLE

upgrade to Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

 
Windows Server 2012 R2 DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

 DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898

 DONE

KB 4056898

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056898
Windows Server 2016 DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

 DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890

 DONE

KB 4056890 installed

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

https://support.microsoft.com/en-us/help/4056890
VMware vSphere 4.0/4.1/5.0/5.1 NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

 NOT AVAILABLE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

 NOT AVAILABLE

 

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
VMware vSphere 5.5 WAIT

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876

 DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876

  

WAIThttps://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2150876
VMware vSphere 6.0/6.5 DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099

 DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099

 DONE

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

https://kb.vmware.com/kb/2151132

https://kb.vmware.com/kb/2151099
Linux Debian Wheezy WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

 DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754
Linux Debian Jessie WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

 DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754
Linux Debian Stretch WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

 DONE

https://security-tracker.debian.org/tracker/CVE-2017-5754

https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html
Linux Debian Buster WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5754
Linux Debian Sid WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5753

 WAIT

https://security-tracker.debian.org/tracker/CVE-2017-5715

  

DONEhttps://security-tracker.debian.org/tracker/CVE-2017-5754

https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html
Linux Red Hat Enterprise Linux 7 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

 DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0007

RHSA-2018:0016
Linux Red Hat Enterprise Linux 6 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519778

 WAIT

https://bugzilla.redhat.com/show_bug.cgi?id=1519780

 DONE

https://bugzilla.redhat.com/show_bug.cgi?id=1519781

RHSA-2018:0008
Linux Red Hat Enterprise Linux 5 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution
Linux Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution
Linux Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution
Linux Red Hat OpenStack Platform v 8/9/10/11/12 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution

 WAIT

https://access.redhat.com/security/vulnerabilities/speculativeexecution
Linux CentOS 6 DONE

https://access.redhat.com/errata/RHSA-2018:0008

https://access.redhat.com/errata/RHSA-2018:0013

https://access.redhat.com/errata/RHSA-2018:0024

 WAIT DONE

https://access.redhat.com/errata/RHSA-2018:0008


https://access.redhat.com/errata/RHSA-2018:0013


https://access.redhat.com/errata/RHSA-2018:0024
Linux CentOS 7 DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=151977

 WAIT DONE

https://www.centos.org/forums/viewtopic.php?f=51&t=65617

https://bugzilla.redhat.com/show_bug.cgi?id=1519778
Linux Fedora 26 WAIT WAIT DONE
Linux Fedora 27 WAIT WAIT DONE
Linux SUSE OpenStack Cloud 6 WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5754/
Linux SUSE Linux Enterprise Server 11 SP3-LTSS WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5754/
Linux SUSE Linux Enterprise Server 11 SP4 DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

 DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~

 DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=Sgz1BG6h3yE~

https://download.suse.com/Download?buildid=8qOeEOkt8Vs~

https://download.suse.com/Download?buildid=1x1ZNuXBr48~
Linux SUSE Container as a Service Platform ALL DONE

https://www.suse.com/security/cve/CVE-2017-5753/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

https://www.suse.com/security/cve/CVE-2017-5753/

 DONE

https://www.suse.com/security/cve/CVE-2017-5715/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~

 

 DONE

https://www.suse.com/security/cve/CVE-2017-5754/

https://download.suse.com/Download?buildid=GlSdn9vmvx8~

https://download.suse.com/Download?buildid=Bd4ejFnSPQA~

https://download.suse.com/Download?buildid=7iQ4Q7STjhA~
Linux Gentoo WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643340

 WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643342

 WAIT

https://bugs.gentoo.org/643352

https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

https://bugs.gentoo.org/643344
Linux Slackware 14 WAIT WAIT WAIT
Solaris SmartOS WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

 WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings

 WAIT

https://help.joyent.com/hc/en-us/articles/115015938847-Security-Advisory-Intel-Security-Findings
Linux CloudLinux 6 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5

 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-6-kernel-updated-1-5
Linux CloudLinux 7 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated

 DONE

https://www.cloudlinux.com/cloudlinux-os-blog/entry/beta-cloudlinux-7-and-cloudlinux-6-hybrid-kernel-updated
Linux Ubuntu

 

 WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

 WAIT

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

 DONE

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html
Linux OpenSuse Linux based upon SUSE 12/11 WAIT

https://www.suse.com/security/cve/CVE-2017-5753/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5715/

 WAIT

https://www.suse.com/security/cve/CVE-2017-5754/
Linux Archlinux WAIT

https://security.archlinux.org/CVE-2017-5753

 WAIT

https://security.archlinux.org/CVE-2017-5715

 DONE

https://security.archlinux.org/CVE-2017-5754
Linux OpenVZ DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

 DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2

 DONE

https://openvz.org/Download/kernel/rhel6/042stab127.2
Linux Proxmox 3. x WAIT WAIT WAIT
Linux Proxmox 4. X DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

 DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

 DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/
Linux Proxmox 5. X DONE

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

 DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/

 DONE

(/!\ partial /!\)

https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/
Linux CoreOS Container Linux (channels Stable/Beta/Alpha) WAIT

https://coreos.com/releases

 WAIT

https://coreos.com/releases

 DONE

https://coreos.com/releases
BSD DragonFlyBSD WAIT

 

 WAIT DONE

https://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html
BSD FreeBSD WAIT

https://www.freebsd.org/fr/news/newsflash.html

 WAIT

https://www.freebsd.org/fr/news/newsflash.html

 WAIT

https://www.freebsd.org/fr/news/newsflash.html
BSD OpenBSD WAIT WAIT WAIT
BSD NetBSD WAIT WAIT WAIT

You can find more information regarding Meltdown and Spectre at:

7 thoughts on

Multiple Critical Security Vulnerabilities | Exploits Meltdown and Spectre – Emergency Security Updates

  • Divya Sehgal

    Hey Atiq,

    You have shared a very priceless Information in this post. But i did not understand the title cause i am from india so do not have enough good english. :p

    Thanks for sharing Information about Security Vulnerabilities.

    Reply
  • Atiq

    Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
    Redhat released updates :
    Take Action

    Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately. All impacted products should apply fixes to mitigate all 3 variants; CVE-2017-5753 (variant 1), CVE-2017-5715 (variant 2), and CVE-2017-5754 (variant 3).

    For details please visit: https://access.redhat.com/security/vulnerabilities/speculativeexecution

    Reply
  • Joy Healey

    Gosh Atiq,

    That sounds scary but I wouldn’t even know how to find out what my processor is and whether it is vulnerable!

    I obviously still have a lot to learn 🙁

    Joy Healey – Blogging After Dark

    Reply
    • Oleg Kaluger

      Hey Joy,

      Thank you for the comment,
      No worries about keeping track of Technical Specifications, the Tech team here at Temok does all that for you,

      thanks,
      – Oleg

      Reply
  • Owin Joseph

    This is a very helpful post, nothing is ioo % safe nowadays, we have to be careful and vigilant which. Means installing updates as soon as they become available, and soon as you see any abnormality check it out. Get advice, also install a good firewall and malware software on your computer.

    Reply
    • Oleg Kaluger

      Hey Owin,

      Thank you for the comment,
      Yes, the best action that you can take to protect yourself is to be careful,

      Stay safe, keep everything updated and have a firewall and anti-virus software,

      thanks,
      – Oleg

      Reply
  • bhavik aherwal

    great post keep it up

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Make Your Website Live Today

Choose one of your required Web Hosting Plan at market competitive prices

Web Hosting Plans

Managed Cloud Services

Managed Hosting

Company

Newsletter

Sign up for special offers:

Temok IT Services
© Copyright TEMOK 2024. All Rights Reserved.